News / USA

    Something New to Worry About: Connected Toy Security

    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    FILE - The hereO GPS watch for children and its accompanying mapping app are displayed at the International Consumer Electronics show (CES) in Las Vegas, Nevada, Jan. 4, 2015.
    Associated Press

    Your smartphone or tablet is most likely pretty secure — not perfect, maybe, but generally unlikely to be hacked or to store, say, your email where other people could read it.

    The same can't be said for any Internet-connected toys you may have purchased for your kids. Recently discovered security flaws in a pair of such toys highlight just how badly the toy industry has neglected such problems, theoretically exposing kids to online threats.

    While major crimes teeming from the hack of a connected toy haven't yet surfaced, some experts argue that it's only a matter of time.

    Kids "aren't expected to be Internet security experts and neither are their parents," said Tod Beardsley, security research manager for Rapid7 Inc., the Boston-based cybersecurity firm that published the toy-security research on Tuesday.

    Rapid7 researchers examined the Fisher Price Smart Toy, an interactive stuffed animal for children aged 3 to 8 that connects to the Internet via Wi-Fi.

    They also took a look at HereO, a GPS smartwatch that allows parents to track their child's location. In both cases, they found that the toys failed to safeguard children's information such as their names and in the case of the watch, their location, storing it on remote servers in such a way that unauthorized people could access it by masquerading as legitimate users.
    After researchers informed the manufacturers of the flaws, the companies quickly fixed the problems.

    Mattel Inc., which owns the Fisher Price brand, released a statement Monday emphasizing that it has no evidence that anyone actually stole any customer information because of the flaw. Eli Shemesh, chief technology officer for Cyprus-based hereO, released a statement saying that security remains paramount for his company, adding that the security flaw was fixed quickly and before the watches started shipping to customers.

    Those security problems are far from unique, said Mark Stanislav, Rapid7's manager of global services and the researcher who discovered the flaws.

    Reports of connected-toy vulnerabilities have been rife in recent months, a trend he expects to continue to worsen as more connected toys hit the market.

    Toy makers need to be "building security in at the development phase," Stanislav said in a statement.

    Like many connected devices, the Fisher Price toy runs a version of Google's Android operating system, the same software that powers many smartphones and tablets. Beardsley, however, said toy makers don't have the same commitment to security that a major tech company would have.

    "I would be shocked if any Android-based toy didn't have any problems," he said.

    Apple, whose iPhones and iPads are the biggest rivals to Android devices, doesn't license its mobile software for use in toys.

    Toy-related security problems began to grab headlines late last year, when kid's tech maker VTech announced that one of its databases had been hacked, exposing the names, ages and genders of more than 6 million children who used the company's toys.

    As the number of connected toys continues to grow, so will the number of hackings, says Bridget Karlin, managing director of Intel Corp.'s Internet of things group. Intel's chips power a slew of connected devices, including a GPS smartwatch for kids, similar to the HereO, that's set to go on sale later this year.

    Karlin says that while the odds of any particular toy being hacked may be very low, most of the attacks are random. That means building in security from the ground up, starting at the silicon level.

    In the case of the Fisher Price toy — which is sold as a stuffed bear, panda or monkey and retails for about $100 — the researchers found that the toy's software and applications weren't appropriately verifying who was trying to access its information. That could theoretically expose a child's name, birthday, spoken language and gender.

    Of course, those tidbits of information aren't necessarily secret. But hackers could theoretically amass enough of them to create a phishing scheme aimed at financial fraud or identity theft down the road. In theory, the information could also be used to pull off the abduction of a child, though experts say the chance of that remains slim.

    The same flaw also could allow an attacker to effectively take control of the device to do things such as change the account information, or monitor whether a child is playing with it or if an adult is using the related mobile app, the researchers said.

    The HereO smartwatch is marketed as a safety device for children aged three to 12 and creates a kind of social network that's restricted to invited family and friends.

    The brightly colored watch has both a cellular and GPS connection, allowing parents to monitor a child's location through a mobile app. Features include messaging, location alerts and a panic button. The watch, which costs $179 in the U.S. plus a $4.95 per month monitoring fee, recently started shipping to customers around the world.

    Rapid7 says its researchers found a way attackers could trick the watch into adding them onto a given family's account. That would give them access to the entire family's location history and profile details and even the ability to message parents or their kids.

    You May Like

    In Britain, The Sun Still Doesn’t Shine

    Invoking Spitfires and Merlin, Leave voters insist country can be great again, following surprising 'Brexit' vote last week

    Double Wave of Suicide Bombings Puts Lebanon, Refugees on Edge

    Following suicide bombings in Christian town of Al-Qaa, on Lebanon's northeast border with Syria, fears of further bombings have risen

    US Senators Warned on Zika After Failing to Pass Funding

    Zika threats and challenges, as well as issues of contraception and vaccines, spelled out as lawmakers point fingers

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Slow Rebuilding Amid Boko Haram Destruction in Nigeria’s Northeasti
    X
    June 29, 2016 6:15 PM
    Military operations have chased Boko Haram out of towns and cities in Nigeria’s northeast since early last year. But it is only recently that people have begun returning to their homes in Adamawa state, near the border with Cameroon, to try to rebuild their lives. For VOA, Chris Stein traveled to the area and has this report.
    Video

    Video Slow Rebuilding Amid Boko Haram Destruction in Nigeria’s Northeast

    Military operations have chased Boko Haram out of towns and cities in Nigeria’s northeast since early last year. But it is only recently that people have begun returning to their homes in Adamawa state, near the border with Cameroon, to try to rebuild their lives. For VOA, Chris Stein traveled to the area and has this report.
    Video

    Video Clinton Leads Trump, But Many Voters Don't Like Either

    In the U.S. presidential race, most recent polls show Democrat Hillary Clinton with a steady lead over Republican Donald Trump as both presumptive party nominees prepare for their party conventions next month. Trump’s disapproval ratings have risen in some recent surveys, but Clinton also suffers from high negative ratings, suggesting both candidates have a lot of work to do to improve their images before the November election. VOA National correspondent Jim Malone has more from Washington.
    Video

    Video New US Ambassador to Somalia Faces Heavy Challenges

    The new U.S. envoy to Somalia, who was sworn into office Monday, will be the first American ambassador to that nation in 25 years. He will take up his post as Somalia faces a number of crucial issues, including insecurity, an upcoming election, and the potential closure of the Dadaab refugee camp in Kenya. VOA’s Jill Craig asked Somalis living in Kenya’s capital city Nairobi how they feel about the U.S. finally installing a new ambassador.
    Video

    Video At National Zoo, Captivating Animal Sculptures Illustrate Tragedy of Ocean Pollution

    The National Zoo in Washington, D.C., is home to about 1,800 animals, representing 300 species. But throughout the summer, visitors can also see other kinds of creatures there. They are larger-than-life animal sculptures that speak volumes about a global issue — the massive plastic pollution in our oceans. VOA's June Soh takes us to the zoo's special exhibit, called Washed Ashore: Art to Save the Sea.
    Video

    Video Baghdad Bikers Defy War with a Roar

    Baghdad is a city of contradictions. War is a constant. Explosions and kidnappings are part of daily life. But the Iraqi capital remains a thriving city, even if a little beat up. VOA's Sharon Behn reports on how some in Baghdad are defying the stereotype of a nation at war by pursuing a lifestyle known for its iconic symbols of rebellion: motorbikes, leather jackets and roaring engines.
    Video

    Video Melting Pot of Immigrants Working to Restore US Capitol Dome

    The American Iron Works company is one of the firms working to renovate the iconic U.S. Capitol Dome. The company employs immigrants of many different cultural and national backgrounds. VOA’s Arman Tarjimanyan has more.
    Video

    Video Testing Bamboo as Building Material

    For thousands of years various species of bamboo - one of the world's most versatile plants - have been used for diverse purposes ranging from food and medicine to textiles and construction. But its use on a large scale is hampered because it's not manufactured to specific standards but grown in the ground. A University of Pittsburgh professor is on track to changing that. VOA’s George Putic reports.
    Video

    Video Orphanage in Iraqi City Houses Kids Who Lost their Parents to Attacks by IS

    An orphanage in Iraqi Kurdistan has become home to scores of Yazidi children who lost their parents after Islamic State militants took over Sinjar in Iraq’s Nineveh Province in 2014. Iraqi Kurdish forces backed by the U.S. airstrikes have since recaptured Sinjar but the need for the care provided by the orphanage continues. VOA’s Kawa Omar filed this report narrated by Rob Raffaele.
    Video

    Video Re-Opening Old Wounds in a Bullet-Riddled Cultural Landmark

    A cultural landmark before Lebanon’s civil war transformed it into a nest of snipers, Beirut’s ‘Yellow House’ is once again set to play a crucial role in the city.  Built in a neo-Ottoman style in the 1920s, in September it is set to be re-opened as a ‘memory museum’ - its bullet-riddled walls and bunkered positions overlooking the city’s notorious ‘Green Line’ maintained for posterity. John Owens reports from Beirut.
    Video

    Video Brexit Resounds in US Presidential Contest

    Britain’s decision to leave the European Union is resounding in America’s presidential race. As VOA’s Michael Bowman reports, Republican presumptive nominee Donald Trump sees Britain’s move as an affirmation of his campaign’s core messages, while Democrat Hillary Clinton sees the episode as further evidence that Trump is unfit to be president.
    Video

    Video NASA Juno Spacecraft, Nearing Jupiter, to Shed Light on Gas Giant

    After a five-year journey, the spacecraft Juno is nearing its destination, the giant planet Jupiter, where it will enter orbit and start sending data back July 4th. As Mike O'Sullivan reports from Pasadena, California, the craft will pierce the veil of Jupiter's dense cloud cover to reveal its mysteries.
    Video

    Video Orlando Shooting Changes Debate on Gun Control

    It’s been nearly two weeks since the largest mass shooting ever in the United States. Despite public calls for tighter gun control laws, Congress is at an impasse. Democratic lawmakers resorted to a 1960s civil rights tactic to portray their frustration. VOA’s Carolyn Presutti explains how the Orlando, Florida shooting is changing the debate.

    Special Report

    Adrift The Invisible African Diaspora