10 tips to protect your kids’ toys from hackers this holiday season

Long gone are the days when the biggest worry about ripping open a new electronic toy for the holidays is whether batteries would be included.

Internet technology has imbued the toy industry like never before. Yet along with those advances comes a new set of security risks, says M. Eric Johnson, a widely recognized IT security researcher and dean of Vanderbilt’s Owen Graduate School of Management.

“These new bells and whistles may excite children, and they help toy retailers appeal to an increasingly tech-savvy generation,” Johnson said. “But they also invite a range concerns around hacking, surveillance, and data privacy. In the wrong hands, toys can be used to stalk children or steal a parent’s identity.”

Toys that connect to a wireless network or to a personal computer have become part of the Internet of Things, Johnson said, exposing them to remote attacks from anywhere in the world. He points to several recent examples:

As the holidays draw near, Johnson has developed a list of 10 things parents can do to help ensure that these toys aren’t leaving them vulnerable to security flaws:

  1. Never leave toys on and connected to the internet when not in use.
  2. Power toys down when not in use to be sure they are not being used for eavesdropping.
  3. Never allow young children to peruse the internet unsupervised using connected toys.
  4. Scrutinize any web-based applications that collect sensitive information like addresses, birthdates, or family names. Share as little information as possible – there is almost never a consumer benefit to sharing personal information and it’s impossible to know where it may end up.
  5. Parents should maintain passwords and user names for toys, games, websites or social media used by children and routinely check them.
  6. Do your research. Google the toy’s name to search for known security risks. Check FBI alerts. Investigate whether personal information is being stored in the cloud.
  7. Limit Bluetooth-enabled toys in public places like airports, schools, or malls.
  8. Only connect toys to secure and trusted WiFi networks.
  9. Consider home network protection systems that guard against malware, stolen passwords, spying, and other potential hazards from infiltrating internet-enabled devices, including toys.
  10. Remember that toy makers typically have limited technology budgets and rarely have robust IT security systems in place. Even devices that manufacturers say are secure can be hacked or reverse engineered with enough effort. There are always risks.ITd