News / USA

    Something New to Worry About: Connected Toy Security

    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    Associated Press

    Your smartphone or tablet is most likely pretty secure — not perfect, maybe, but generally unlikely to be hacked or to store, say, your email where other people could read it.

    The same can't be said for any Internet-connected toys you may have purchased for your kids. Recently discovered security flaws in a pair of such toys highlight just how badly the toy industry has neglected such problems, theoretically exposing kids to online threats.

    While major crimes teeming from the hack of a connected toy haven't yet surfaced, some experts argue that it's only a matter of time.

    Kids "aren't expected to be Internet security experts and neither are their parents," said Tod Beardsley, security research manager for Rapid7 Inc., the Boston-based cybersecurity firm that published the toy-security research on Tuesday.

    Rapid7 researchers examined the Fisher Price Smart Toy, an interactive stuffed animal for children aged 3 to 8 that connects to the Internet via Wi-Fi.

    They also took a look at HereO, a GPS smartwatch that allows parents to track their child's location. In both cases, they found that the toys failed to safeguard children's information such as their names and in the case of the watch, their location, storing it on remote servers in such a way that unauthorized people could access it by masquerading as legitimate users.
    After researchers informed the manufacturers of the flaws, the companies quickly fixed the problems.

    Mattel Inc., which owns the Fisher Price brand, released a statement Monday emphasizing that it has no evidence that anyone actually stole any customer information because of the flaw. Eli Shemesh, chief technology officer for Cyprus-based hereO, released a statement saying that security remains paramount for his company, adding that the security flaw was fixed quickly and before the watches started shipping to customers.

    Those security problems are far from unique, said Mark Stanislav, Rapid7's manager of global services and the researcher who discovered the flaws.

    Reports of connected-toy vulnerabilities have been rife in recent months, a trend he expects to continue to worsen as more connected toys hit the market.

    Toy makers need to be "building security in at the development phase," Stanislav said in a statement.

    Like many connected devices, the Fisher Price toy runs a version of Google's Android operating system, the same software that powers many smartphones and tablets. Beardsley, however, said toy makers don't have the same commitment to security that a major tech company would have.

    "I would be shocked if any Android-based toy didn't have any problems," he said.

    Apple, whose iPhones and iPads are the biggest rivals to Android devices, doesn't license its mobile software for use in toys.

    Toy-related security problems began to grab headlines late last year, when kid's tech maker VTech announced that one of its databases had been hacked, exposing the names, ages and genders of more than 6 million children who used the company's toys.

    As the number of connected toys continues to grow, so will the number of hackings, says Bridget Karlin, managing director of Intel Corp.'s Internet of things group. Intel's chips power a slew of connected devices, including a GPS smartwatch for kids, similar to the HereO, that's set to go on sale later this year.

    Karlin says that while the odds of any particular toy being hacked may be very low, most of the attacks are random. That means building in security from the ground up, starting at the silicon level.

    In the case of the Fisher Price toy — which is sold as a stuffed bear, panda or monkey and retails for about $100 — the researchers found that the toy's software and applications weren't appropriately verifying who was trying to access its information. That could theoretically expose a child's name, birthday, spoken language and gender.

    Of course, those tidbits of information aren't necessarily secret. But hackers could theoretically amass enough of them to create a phishing scheme aimed at financial fraud or identity theft down the road. In theory, the information could also be used to pull off the abduction of a child, though experts say the chance of that remains slim.

    The same flaw also could allow an attacker to effectively take control of the device to do things such as change the account information, or monitor whether a child is playing with it or if an adult is using the related mobile app, the researchers said.

    The HereO smartwatch is marketed as a safety device for children aged three to 12 and creates a kind of social network that's restricted to invited family and friends.

    The brightly colored watch has both a cellular and GPS connection, allowing parents to monitor a child's location through a mobile app. Features include messaging, location alerts and a panic button. The watch, which costs $179 in the U.S. plus a $4.95 per month monitoring fee, recently started shipping to customers around the world.

    Rapid7 says its researchers found a way attackers could trick the watch into adding them onto a given family's account. That would give them access to the entire family's location history and profile details and even the ability to message parents or their kids.

    You May Like

    Post-White House, Obamas to Rent Washington Mansion

    Nine-bedroom home is 3 kilometers from Oval Office, near capital's Embassy Row; rent estimated at around $22,000 a month

    Red Planet? Not so much!

    New research suggest that Mars is in a warm period between cyclical ice ages, and that during Ice Age Maximum over 500,000 years ago, the red planet was decidedly ice, and much whiter to the naked eye.

    Taj Mahal Battles New Threat from Insects

    Swarms of insects are proliferating in the heavily contaminated waters of the Yamuna River, which flows behind the 17th century monument

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Vietnamese-American Youth Optimistic About Obama's Visit to Vietnami
    X
    Elizabeth Lee
    May 22, 2016 6:04 AM
    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video Vietnamese-American Youth Optimistic About Obama's Visit to Vietnam

    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video First-generation, Afghan-American Student Sets Sights on Basketball Glory

    Their parents are immigrants to the United States. They are kids who live between two worlds -- their parents' homeland and the U.S. For many of them, they feel most "American" at school. It can be tricky balancing both worlds. In this report, produced by Beth Mendelson, Arash Arabasadi tells us about one Afghan-American student who seems to be coping -- one shot at a time.
    Video

    Video Newest US Citizens, Writing the Next Great Chapter

    While universities across the United States honor their newest graduates this Friday, many immigrants in downtown Manhattan are celebrating, too. One hundred of them, representing 31 countries across four continents, graduated as U.S. citizens, joining the ranks of 680,000 others every year in New York and cities around the country.
    Video

    Video Vietnam Sees Strong Economic Growth Despite Incomplete Reforms

    Vietnam has transformed its communist economy to become one of the world's fastest-growing nations. While the reforms are incomplete, multinational corporations see a profitable future in Vietnam and have made major investments -- as VOA's Jim Randle reports.
    Video

    Video Qatar Denies World Cup Corruption

    The head of Qatar’s organizing committee for the 2022 World Cup insists his country's bid to host the soccer tournament was completely clean, despite the corruption scandals that have rocked the sport’s governing body, FIFA. Hassan Al-Thawadi also said new laws would offer protection to migrants working on World Cup construction projects. VOA's Henry Ridgwell reports.
    Video

    Video Infrastructure Funding Puts Cambodia on Front Line of International Politics

    When leaders of the world’s seven most developed economies meet in Japan next week, demands for infrastructure investment world wide will be high on the agenda. Japanese Prime Minister Shinzo Abe’s push for “quality infrastructure investment” throughout Asia has been widely viewed as a counter to the rise of Chinese investment flooding into region.
    Video

    Video Democrats Fear Party Unity a Casualty in Clinton-Sanders Battle

    Democratic presidential front-runner Hillary Clinton claimed a narrow victory in Tuesday's Kentucky primary even as rival Bernie Sanders won in Oregon. Tensions between the two campaigns are rising, prompting fears that the party will have a difficult time unifying to face the presumptive Republican nominee, Donald Trump. VOA national correspondent Jim Malone has more from Washington.
    Video

    Video Portrait of a Transgender Marriage: Husband and Wife Navigate New Roles

    As controversy continues in North Carolina over the use of public bathrooms by transgender individuals, personal struggles with gender identity that were once secret are now coming to light. VOA’s Tina Trinh explored the ramifications for one couple as part of trans.formation, a series of stories on transgender issues.
    Video

    Video Amerikan Hero Flips Stereotype of Middle Eastern Character

    An Iranian American comedian is hoping to connect with American audiences through a film that inverts some of Hollywood's stereotypes about Middle Eastern characters. Sama Dizayee reports.
    Video

    Video Budding Young Inventors Tackle City's Problems with 3-D Printing

    Every city has problems, and local officials and politicians are often frustrated by their inability to solve them. But surprising solutions can come from unexpected places. Students in Baltimore. Maryland, took up the challenge to solve problems they identified in their city, and came up with projects and products to make a difference. VOA's June Soh has more on a digital fabrication competition primarily focused on 3-D design and printing. Carol Pearson narrates.

    Special Report

    Adrift The Invisible African Diaspora