Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

The Internet of Toys Tim Henwood
11 December 2015

tractor

While our fridges, toasters and socks are learning how to talk to each other, so is Barbie. While governments are finding new ways to watch what we do, how we interact and how we talk to each other, so is Barbie. And on Christmas day, while we are listening to our children run in squealing, excited circles, so will Barbie.

You see, Barbie isn’t just an oddly proportioned doll anymore. Now she’s “ready to discuss anything in an outfit that blends trendy and techie for a cool look” thanks to cloud-powered speech recognition.

And she’s not alone. As tech gets ‘smarter’, so do our toys. It is Wi-Fi this, and app that, all over the toy store now.

But sometimes with smarts, you’re getting more than you bargained for.

Breach hazard

Under the hood, Barbie isn’t just a conduit to some speech recognition servers across the ocean. She’s also a security risk.

This is because Mattel isn’t an information security expert. It is a company that just want to make cool toys. That means it is really likely that people will find vulnerabilities in the software; vulnerabilities that expose user data to people that shouldn’t be able to see it.

To further illustrate the point, in recent weeks, we have seen a breach out of the Hong Kong company, Vtech. Vtech makes a variety of techy toys, including a range of tablets aimed at children.

These tablets are pretty much lo-fi versions of the Android or Apple tablets parents have become increasingly tethered to, but offer a restricted environment and set of apps within a cloud system run by Vtech.

And it’s that cloud system that had the problem. They hadn’t stored the information well, and the personal data of 4.8 million parents and 6.3 million children - including pictures of parents and kids and chat logs - were exposed. More than two thousand of those children are from New Zealand.

The story is still developing. People are still working out what to do next. Vtech is still working out what to do next. Meanwhile, the Privacy Commissioner in Hong Kong and authorities in the United States are investigating the breach. This, at least, is one silver lining. It shows that there are remedies for international breaches with offices like ours working to get good outcomes for consumers.

But the story remains, for now, a pretty stark reminder that many toys are no longer only toys - instead they’re a relationship with a company.

Parental supervision required

We might want to be aware of this when we’re out doing the Christmas shopping.

And this doesn’t extend just to toys, but to anything Internet-connected. What information are we giving out? Who are we giving it to? Do we trust them? What will they do with it? What are we signing up for?

It’s important that we ask these questions. We’re asking them on behalf of our children.

Image credit: Toy Steamroller from Te Papa Tongarewa Collections Online.

2 comments

, , ,

Back

Comments

  • Thank you for the warning. I can see how this could be a security risk.

    Posted by Lynley, 16/12/2015 1:54pm (21 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

  • Why do Government Departments, want to spy on children within their home enviroment.I am really referencing the 'Toy' selection of which , I now longer know what to gift Great Grand
    children for fear of this type intrusion into 'The world of the young and innocent.' At least as adults we KNOW its happening, and can be more mindful of our speech on line.I do believe we as a country
    have become excessively Over Regulated. Thank you for the timely warning.

    Posted by Jill Cleggett, 19/12/2015 12:29am (20 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries