Web-connected toys and gadgets bought as Christmas presents could pose potential privacy and safety risks, warns the Information Commissioners Office (ICO).

Concerns have been raised in recent months that the growth in “smart” toys containing sensors, microphones, cameras, data storage and other multi-media capabilities could put the privacy and safety of children at risk.

ICO Deputy Commissioner Steve Wood said there are increasing fears over data protection, with it unclear how some of these products collect data, where it is stored and how it is being used. And the ICO wants parents to “consider data protection and privacy issues in the same way they would check on the safety of presents they are planning to give to their children”.

Parents already research the gifts they buy their children to make sure they are age-suitable and conform to the relevant safety standards, and manufactured by a reputable brand. Wood now wants parents to view privacy and data security as just one more of these checks, and for consumers to vote with their wallets and only buy from brands that protect people’s personal information.

A number of security firms have already released products designed to protect home networks specifically from attacks targeting Internet of Things (IoT) web-connected devices form lightbulbs to teddy bears. However, most home routers only offer the most basic protections and many toy manufacturers continue to take a lax approach to security by hard-coding usernames and passwords into their products, making them particularly vulnerable to attack.

To avoid some of these problems, Wood recommends that parents familiarise themselves with any web-connected presents they buy for their children before wrapping them up and putting them under the tree. This first setup should give parents a chance to check the security settings of the product, and change any passwords to something more secure that should help to keep away hackers.

The ICO offers eleven tips on how to have a safe and secure Christmas:

  1. Research the security of a product before buying – do your homework and only buy from reputable brands.
  2. Take care when shopping online – avoid scammers trying to steal your credit card details
  3. Take your time – buy in advance to give yourself time to check the gift before you wrap it
  4. Change passwords and usernames from default – choose something memorable but suitably strong
  5. Is your router secure? – make sure you are running up-to-date firmware and have switched on the firewall.
  6. If there’s a two-step identification option – use it
  7. Be camera aware – you never know who’s watching
  8. Location, location, location – make sure only you have access to the GPS information
  9. Bluetooth ache – it is not just WiFi that can be a security vulnerability, Bluetooth is another vector for hackers to target if left unsecured.
  10. Children have information rights too – have a conversation with your children about their digital rights and what they should and should not do.
  11. If in doubt, don’t splash out – if you are not convinced a smart toy will keep your child’s information secure, buy from one of their competitors or choose a different gift.

Comments are closed.