A security review of eight popular internet toys found “widespread security and privacy weaknesses,” per a new report shared first with Axios from Mozilla Foundation and cybersecurity consultant 7ASecurity.
Why it matters: Connected toys like tablets, smartwatches, and robots now store everything from a kid’s photos to their location, raising serious privacy concerns and creating new vulnerabilities for hackers and other bad actors to exploit.
What’s inside: “Across the smart toys audited for this report, 7ASecurity found widespread security and privacy weaknesses,” the report reads.
- “In practical terms, that means many toys marketed for children could be misused to spy on families, manipulate what kids hear or see, or expose sensitive data.”
The toys on 7ASecurity’s list are:
- Amazon Fire Kids Tablet
- Emo Robot
- Huawei Watch Kids 4
- PlayShifu Plugo Count
- TickTalk 5
- Powerup 4.0 Airplane
- Sphero Mini Activity Kit
- GoCube Edge
Security risks include hackers potentially being able to:
- Hijack the speakers of a toy and talk back if kids are using an insecure WiFi network
- Access location data and other personal information like names, birthdates and phone numbers
- Remotely control a Bluetooth-connected toy if they’re in pairing range
7ASecurity said it chose toys to research based on popularity with shoppers around the world.
The big picture: The report comes at a time when lawmakers are raising serious concerns about smart toys.
- Sens. Marsha Blackburn (R-Tenn.) and Richard Blumenthal (D-Conn.) wrote to the CEOs of six companies this week demanding answers on safeguards for children using AI-enabled toys.
- “Not only are these products potentially dangerous, but they also collect sensitive data on American families,” the senators wrote.
