The “Future of Play” Needs to be Secure

By Joyce Deuley

The Holiday Shopping Season is upon us again and the IoT is doing wonders for the consumer electronics space. Smart gadgets of all shapes and sizes are available for the harried families desperate to find the latest tech on the market—and children’s toys are no exception. The Internet of Things is becoming incorporated into smart children’s toys, many of which are meant to further enrich children’s experiences with them overall as well as to boost the benefits of educated play.

One such minded company, Dynepic, is intent on building the IoToys™ (Internet of Toys™), “an open playground to connect toys with a common language, cloud content, and applications for new and interconnected play patterns.” Essentially the company’s main goal is to make toys smart and, thusly, make kids even smarter through play. IoToys is focused on making it easy for developers and toy manufacturers to add safe features for their applications, games and toys; some of these include ensuring the product is COPPA complaint, the ability for parents/guardians to monitor usage via a parental dashboard, as well as providing play analytics information. Through smart play and the IoT, Dynepic is seeks to recruit “other toy manufacturers, cloud service providers, and game developers to join them in creating the future of play.” (Dynepic).

Some of these “smart” toys include Vortex, a robot that can be controlled via mobile app that also teaches children basic programing; and Fisher Price’s Oslo, a “high-tech” plush animal that can speak to children and uses imaging technology to “read” activity Smart Cards; etc. Most notably, though, would be Mattel’s Hello Barbie. Hello Barbie leverages deep learning capabilities and speech recognition software to hold engaging conversations with children, cataloguing their responses to use in future prompts. Much like Siri, Hello Barbie can suggest activities or ask the child questions and more. (Indeed, what a great time to be alive—it makes it hard not to be dismissive of the boring, static Barbie dolls from ages past.)

Yet despite the strides that toy manufacturers and app developers are making in the smart toy markets, the “future of play” isn’t as bright or as innocent as it may seem.

This week smart toy manufacturer, VTech, suffered one of the biggest cyber attacks that exposed data of 6.4 million children and 4.9 million adults. The stolen profile information included the children’s names, gender and birth dates, while the adults’ information provided email addresses, passwords and security questions/answers, and mailing addresses.

And while Hello Barbie is the most advanced Barbie yet, she seems to be one hackable doll.  A researcher discovered that Hello Barbie has a weakness that could be exploited to steal children’s information very similar to what happened to VTech, though nothing has happened—yet. However, Mattel and its partner ToyTalk are already on the case and have put out a “bug bounty (CNET) in order to prevent any future leaks.

Customer and business information theft already generates quite a bit of backlash and now that children’s toys are being targeted, the consumer electronics market could see even more backlash than before. Interweaving technology into our daily lives is only going to get more intricate, but security setbacks like VTech’s could do more harm than good, breeding mistrust and fear. Let’s just hope that more toy manufacturers will take a security by design approach, or at the very least, follow Mattel’s footsteps and initiate their own “bug bounties”. (Read the latest on Hello Barbie’s weaknesses).