FBI Issues Warning on Internet-Connected Toys

toys2

The FBI has issued a consumer notice warning that internet-connected toys could pose a privacy and contact threat to children, because of the large amount of personal information that may be unknowingly revealed.

The FBI is urging consumers to consider cybersecurity before introducing smart, interactive and internet-connected toys into their homes or private environments.

“Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions,” the public service announcement states. “These toys typically contain sensors, microphones, cameras, data storage components and other multimedia capabilities — including speech recognition and GPS options.”

The consumer notice says microphones could record or collect conversations, and information including “a child’s name, school, likes and dislikes and activities may be disclosed through normal conversation with the toy or in the surrounding environment.”  

Similarly, “the collection of a child’s personal information combined with a toy’s ability to connect to the internet or other devices raises concerns for privacy and physical safety.” Personal information, such as a child’s name, date of birth and pictures, is often provided when creating user accounts. Furthermore, companies collect large amounts of data, including past and current physical locations, internet use history, and internet addresses/IPs. The FBI warns that the exposure of this kind of information can lead to child identity fraud. Plus, the misuse of data such as GPS location, known interests and visual identifiers from videos or pictures, could lead to exploitation or contact risks.

The FBI recommends that consumers should “examine toy company user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services.”

The FBI also recommends that parents should research toys and:

  • See if there are any known security issues;
  • “Only connect and use toys in environments with trusted and secured WiFi internet access”;
  • Monitor children’s activities with the toys;
  • Make sure the toy is turned off when not in use, especially if the toy utilizes microphones or cameras; and
  • Use strong and unique passwords when logging in or creating user accounts.

The Children’s Online Privacy Protection Act (COPPA) does establish requirements for website and online service operators geared toward children under 13 years old. For COPPA rules, visit this site.

Also, on June 21, the Federal Trade Commission (FTC) updated its rules to comply with COPPA. Those rules can be viewed here.

If you think your child’s toy might have been compromised, you can file a complaint with the Internet Crime Complaint Center at www.IC3.gov.

To read the full public service announcement, visit this site. If you have questions, the FBI says you should ask your local FBI field office. A list of local field office locations is located here.

About the Author

Richard Chang is associate editor of THE Journal. He can be reached at [email protected].

Featured

  • students using digital devices, surrounded by abstract AI motifs and soft geometric design

    Ed Tech Startup Kira Launches AI-Native Learning Platform

    A new K-12 learning platform aims to bring personalized education to every student. Kira, one of the latest ed tech ventures from Andrew Ng, former director of Stanford's AI Lab and co-founder of Coursera and DeepLearning.AI, "integrates artificial intelligence directly into every educational workflow — from lesson planning and instruction to grading, intervention, and reporting," according to a news announcement.

  • toolbox featuring a circuit-like AI symbol and containing a screwdriver, wrench, and hammer

    Microsoft Launches AI Tools for Educators

    Microsoft has introduced a variety of AI tools aimed at helping educators develop personalized learning experiences for their students, create content more efficiently, and increase student engagement.

  • laptop displaying a red padlock icon sits on a wooden desk with a digital network interface background

    Reports Point to Domain Controllers as Prime Ransomware Targets

    A recent report from Microsoft reinforces warns of the critical role Active Directory (AD) domain controllers play in large-scale ransomware attacks, aligning with U.S. government advisories on the persistent threat of AD compromise.

  • Two hands shaking in the center with subtle technology icons, graphs, binary code, and a padlock in the dark blue background

    Two Areas for K-12 Schools to Assess for When to Work with a Managed Services Provider

    The complexity of today’s IT network infrastructure and increased cybersecurity risk are quickly moving beyond many school districts’ ability to manage on their own. But a new technology model, a partnership with a managed services provider, offers a way forward for schools to overcome these challenges.