For many of us, our first experience of technology was the toys we played with: Merlin, Simon, Scalextric or the Super Nintendo – nostalgic novelties that allowed us to bridge between fantasy and reality.
Over the last decade, digitalisation has narrowed this connection, blurring the lines between what’s real and what’s not. Everything is now connected to the internet, even our toys, allowing us to reach previously unreachable worlds.
This Christmas, thousands of junior techies will be screaming out for some of the latest gadgets and high up on the list of “must-haves” will be connected toys – teddies, dolls, robots… you name it.
But there are risks. As cool as some of these toys are, serious security and privacy concerns hang overhead. And as a father myself, it would be remiss of me not to mention them.
We, like a lot of cybersecurity companies, have shared our concerns around connected toys in the past. But most recently, an investigation by Which? into the security of connected toys found that four out of the seven devices tested could be used to communicate directly with the children playing with them, and easily hacked through unsecured Bluetooth connections.
Earlier this year, the German government banned certain connected products, including smart watches, aimed at children for this very reason.
I can’t speak to the legislature but I do know a thing or two about cybersecurity. So, for parents intent on surprising their children with a connected toy this Christmas, here is my advice to ensure playtime remains safe:
1. When researching the best toys and the best prices, also research the manufacturers. If they have questionable security practices, or if issues have been raised in the past, it is better to be safe and not buy the toy.
2. Once you are happy with its security credentials and have made a purchase, familiarise yourself with it and enable its privacy settings. Sitting with your child to do this will also help them understand why these settings are so important.
3. If the toy comes with a default username and password, change them immediately. Create unique and complex passwords that include numbers, characters and symbols. It could mean that your child has to ask for the password every time they want to play with it. However, it will greatly reduce the chances of a criminal hacking the toy.
4. Connected toys will need a Wi-Fi network, and in some cases a smartphone to control them over Bluetooth. It’s important to ensure these connections are secure, especially if the toy is capable of storing location data. For Bluetooth connectivity make sure there is a verification step when pairing devices with toys. For Wi-Fi connectivity, public Wi-Fi hotspots are like gold dust to hackers, so invest in a Wi-Fi inspector tool to assess the security levels of the connection.
5. There can also be risks when connecting a toy to a home Wi-Fi network. To ensure your home network is secure make sure that you have the latest router from your broadband provider installed, change any default passwords as soon as it is set up and investigate how to secure the router.
6. Install strong security software to identify if any devices connected to your home network are vulnerable. Most attacks to smart devices typically occur because the person failed to update the device with the latest software version from the manufacturer, or the manufacturer didn’t provide an update to protect from known vulnerabilities.
7. Finally, remember to talk to children of all ages, about staying safe and how they use connected toys, the importance of privacy settings and what they should and shouldn’t share. Educating them early will make them more conscious of what they need to do in future to protect themselves.