Life and politics from the Sunshine State's best city

Bill Nelson warning about cyber attack vulnerability of toys

in Statewide/Top Headlines by

A number of popular internet-connected toys including children’s tablets, a talking stuffed bear and smartwatches are vulnerable to hacking that could expose information about the child and the parents’ credit cards, according to a new cautionary report released Wednesday by U.S. Sen. Bill Nelson.

Nelson’s report, “Children’s Connected Toys: Data Security and Privacy Concerns,” which he produced as ranking member of the U.S. Senate’s Committee on Commerce, Science and Transportation, reports that a toy tablet maker already has been hacked and other popular smart toy products’ companies appear to have similar vulnerabilities.

The late 2015 hack was at VTech Electronics, a leading manufacturer of electronic learning toys and baby monitors, reportedly expensing the personal information of more than 6 million children around the globe, including their names, genders and birth dates, as well as photographs and account passwords.

Nelson’s report also specifically cites security flaws found in two other popular children’s toys — Fisher-Price’s Smart Toy Bear and hereO’s GPS watch — which could have exposed not only a child’s personal information but in the case of the GPS watch, a child’s real-time physical location as well.

“It’s frightening to think that our children’s toys can be used against them in this way,” Nelson, the Florida Democrat, stated in a news release Wednesday. “The companies that make these toys have to do more to safeguard the parents and children who use them.”

The report warns that there appears to be an increased in hacker activity targeting children, despite heightened federal law to protect children’s privacy.

“A number of factors make children a particularly attractive target for identity thieves,” the report states. “A child’s identity is a “blank slate” that can be fraudulently used over a long period of time without detection. Parents generally do not monitor their children’s credit histories and thus may not know for years that an identity thief has victimized their child.

“Personal information about children may also be more readily available as children and parents often fail to appreciate the potential consequences of sharing this information through social media or connected toys and devices.”

Nelson cautioned parents to consider the risks during the holiday season. According to the report, various internet-connected toys have been shown to collect and thereby put at risk a variety of information, including:

* a child’s name, birth date, gender, profile picture, chat messages, call logs and internet history;

* parents’ email address, gender, profile picture, chat messages, credit card information, phone number, Wi-Fi password and IP address.

Nelson’s report said other companies’ products also appear to be vulnerable.

He cautioned that, if possible, parents buying any smart toy should learn in advance what personal information the toy will collect, how that information will be used, whether it will be shared with others outside the toy manufacturer, and how long it will be retained. This information can usually be found in the toy’s privacy policy, the long, small-print legal statement many consumers typically ignore.

Parents, Nelson urged, also should change default passwords that come with toys and install any available software updates; and change, if possible, the toy’s default privacy settings to limit the amount of personal information it provides to the manufacturer, allowing only information necessary for the toy to function.

Comments

comments

Scott Powers is an Orlando-based political journalist with 30+ years’ experience, mostly at newspapers such as the Orlando Sentinel and the Columbus Dispatch. He covers local, state and federal politics and space news across much of Central Florida. His career earned numerous journalism awards for stories ranging from the Space Shuttle Columbia disaster to presidential elections to misplaced nuclear waste. He and his wife Connie have three grown children. Besides them, he’s into mystery and suspense books and movies, rock, blues, basketball, baseball, writing unpublished novels, and being amused. Email him at scott@floridapolitics.com.

Latest from Statewide

Show Buttons
Hide Buttons
Go to Top