Toy manufacturers are taking advantage of the possibilities offered by the Internet of Things to market more attractive products for children and their families. The global market for smart entertainment for children is expected to exceed 24 billion euros in 2027, after experiencing double-digit percentage growth in various years.
Parents are increasingly opting for these items to encourage their children's learning and creativity, without this meaning that they stop having fun. However, experts warn of a danger that, in the case of kids, is especially delicate: intrusion into their privacy and data theft. For this reason, security research is now a priority, also in this business.
Smart toys are built on a familiar foundation: device connectivity is used to deliver more immersive or interactive experiences. For this, microphones and cameras that receive audio and video are used. Likewise, speakers and screens are incorporated. Or bluetooth or Wi-Fi to link the object to an application, and a long etcetera that allow these artifacts to go much further than the dolls or inanimate vehicles of previous decades.
Analysts warn of the strategy of some companies, more concerned with investing in digital innovations than in prevention. Thus, there are toys that are vulnerable to computer attacks. A teddy bear, designed for children from three to eight years old, was immersed in an international controversy for this reason, since the passwords stored to interact with it were stored in the cloud with a certain precariousness.
My Friend Cayla was a doll that invited the little ones to ask her questions that she could answer after carrying out some search on the internet. However, authorities discovered a privacy flaw that would make it possible for hackers to spy on families through the toy, similar to what happened with the Safe-KID-One watch.
The consultancy NCC Group has found several errors of this type: weak password policies and even the creation of accounts without encryption; transmission of offensive or annoying messages; violations of the regulation of electronic communications; or toy pairings without passwords or other controls. In theory, a hacker could go so far as to enter a smart home through a child's walkie talkie simply by associating with this device and indicating the following: "Alexa, open the door."
