Why the Internet of Toys needs security solutions

Recently we wrote about the Internet of Toys and how it’s revolutionizing playtime. Thanks to the IoT and M2M technology, toys are now linked to the Internet, meaning they’re able to communicate with humans and act out narratives developed by toy company storytellers. With the festive season almost upon us, connected toys are sure to be flying from the shelves.

While the opportunities for more engaging playtime and cognitive development are endless, there are unfortunately risks attached, meaning that effective security solutions are crucial.

Last month, disturbing news surfaced highlighting how toymaker VTech had been hacked, resulting in cyber-attackers gaining photos of children and chat logs. Around 5 million profiles are estimated to have been affected. One leading security expert has stated that VTech did not properly encrypt customer passwords, leaving them vulnerable to a data breach. Clearly, the VTech hack underlines the importance of effectively managing customer data ensuring secure IoT toys.

There have also been concerns over Mattel’s Wi-Fi-enabled ´Hello Barbie´ doll, with a security analyst claiming that a cyber-attacker could use it as a kind of surveillance device or make it say anything it is not supposed to say to children. According to experts, any hacker could intercept user data by simply setting up a Wi-Fi connection with the name ‘Barbie’. This is because the toy is programmed to connect to networks with that particular name, making life remarkably easy for a hacker. What this controversy highlights is the need for IoT-enabled devices, whether they’re toys, fitness trackers, or smartphones, to connect to the Internet via secure networks. Clearly, if the Internet of Toys is to be successful, toy companies need to behave more like IT organizations, with strong focus on security. When children are involved, lapses in security cannot be tolerated.

In conclusion, toy companies need to develop strong strategies for managing data through enhanced encryption and tokenization systems, as well as ensuring data is channeled through secure networks. Otherwise, your child’s toys might become more dangerous than Sid Phillips’ mutilated toy hybrids from the original Toy Story.

In my first post about the Internet of Toys, I mentioned how I was planning to buy a connected toy as a Christmas present for my young son. However, in light of this news, I’m now starting to reconsider my decision. What do you think? Let us know your thoughts by tweeting to us @Gemalto.