Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

The Internet of Toys Tim Henwood
11 December 2015 at 14:51

tractor

While our fridges, toasters and socks are learning how to talk to each other, so is Barbie. While governments are finding new ways to watch what we do, how we interact and how we talk to each other, so is Barbie. And on Christmas day, while we are listening to our children run in squealing, excited circles, so will Barbie.

You see, Barbie isn’t just an oddly proportioned doll anymore. Now she’s “ready to discuss anything in an outfit that blends trendy and techie for a cool look” thanks to cloud-powered speech recognition.

And she’s not alone. As tech gets ‘smarter’, so do our toys. It is Wi-Fi this, and app that, all over the toy store now.

But sometimes with smarts, you’re getting more than you bargained for.

Breach hazard

Under the hood, Barbie isn’t just a conduit to some speech recognition servers across the ocean. She’s also a security risk.

This is because Mattel isn’t an information security expert. It is a company that just want to make cool toys. That means it is really likely that people will find vulnerabilities in the software; vulnerabilities that expose user data to people that shouldn’t be able to see it.

To further illustrate the point, in recent weeks, we have seen a breach out of the Hong Kong company, Vtech. Vtech makes a variety of techy toys, including a range of tablets aimed at children.

These tablets are pretty much lo-fi versions of the Android or Apple tablets parents have become increasingly tethered to, but offer a restricted environment and set of apps within a cloud system run by Vtech.

And it’s that cloud system that had the problem. They hadn’t stored the information well, and the personal data of 4.8 million parents and 6.3 million children - including pictures of parents and kids and chat logs - were exposed. More than two thousand of those children are from New Zealand.

The story is still developing. People are still working out what to do next. Vtech is still working out what to do next. Meanwhile, the Privacy Commissioner in Hong Kong and authorities in the United States are investigating the breach. This, at least, is one silver lining. It shows that there are remedies for international breaches with offices like ours working to get good outcomes for consumers.

But the story remains, for now, a pretty stark reminder that many toys are no longer only toys - instead they’re a relationship with a company.

Parental supervision required

We might want to be aware of this when we’re out doing the Christmas shopping.

And this doesn’t extend just to toys, but to anything Internet-connected. What information are we giving out? Who are we giving it to? Do we trust them? What will they do with it? What are we signing up for?

It’s important that we ask these questions. We’re asking them on behalf of our children.

Image credit: Toy Steamroller from Te Papa Tongarewa Collections Online.

, ,

Back