(I say, why on earth would anyone in their right mind bring a ‘toy’ into their home with so much potential for danger to your children and yourselves.  No decent, loving parents would allow a child molester to babysit their children, yet with a bit of hacker knowledge men can hone in on your vulnerable children.  Smarten-up world.  Protect the people you love.)

http://business.financialpost.com/fp-tech-desk/children-can-now-talk-to-their-toys-and-marketers-hackers-are-trying-to-listen-in

Children can now talk to their toys — and marketers, hackers are trying to listen in

 

Mark Lennihan/AP PhotoMattel Inc.’s Hello Barbie, a Wi-Fi enabled doll that talks to its owner, has created a lot of controversy, with headlines calling it “creepy,” “surveillance Barbie” and “every parent’s worst nightmare.” Your daughter rips open the wrapping paper and screams with excitement – it’s Talk To Me Tammy!

After connecting the doll to your home’s wireless network through a smartphone app, she and Tammy start chatting. Tammy tells her jokes, quizzes her on some math questions and says her favourite colour is pink. She asks your daughter lots of questions about her likes and dislikes, hopes and dreams, and family and friends.

The next day, you notice advertisements for products your daughter told Tammy she wants on your Facebook page. That’s because buried in Tammy’s terms of service — which you didn’t read — was a clause authorizing the toy company to sell the data Tammy collects to marketers.

Meanwhile, hackers who don’t want to pay the toy company for your daughter’s valuable data are working on a way to access it for free.

 

They’re breaking into the database in the cloud that stores your daughters’ conversations with Tammy, trying to piece together enough information to steal her identity in the hopes she won’t figure it out until she turns 18 and tries to apply for a credit card. They’re also working on a way to hijack Tammy’s microphone and speaker,

making it possible for strangers to say nasty things to your daughter and listen to your family whenever they want.

These risks aren’t just hypothetical. As smart toys such as Mattel Inc.’s Hello Barbie – a Wi-Fi enabled doll that talks to its owner – hit shelves, privacy and children’s rights advocates are raising concerns about how toy companies will use, store, and safeguard the data they collect.

Just last week, Hong Kong-based toymaker VTech Holdings Ltd. announced a hacker had compromised a database containing photos and personal information about 6.4 million children, including 316,000 in Canada.

And that story about the creep hacking into toys to harass children? It’s already happening too, with reports that Internet-connected baby monitors have been used to scream obscenities at infants surfacing over the past couple of years.

“The best toys are the toys where children have to use their imaginations, where if there’s pretend going on, the children are the ones generating the pretend play and the creativity,” Golin said. “Even if there weren’t all these privacy concerns and worries about these toys being hacked, I would recommend the toy that isn’t connected to the Internet.”

Of all the smart toys that are in development or have been recently released, Hello Barbie has created the most controversy. Even before the doll hit shelves in November, headlines called it “creepy,” “surveillance Barbie” and “every parent’s worst nightmare.”

Billed as “the first fashion doll that can have a two-way conversation with girls,” the toy is powered by technology from a company called ToyTalk that sends a child’s statements over the Internet, analyzes them and responds with one of 8,000 lines of dialogue stored in a cloud server.

 

Amazon.com Inc.’s Echo isn’t a toy – it’s a voice interaction device that can play music, set alarms and control other home smart devices – but it raises similar concerns about the collection and storage of children’s data and conversations.

Last spring, Google Inc. filed a patent for a smart teddy bear, equipped with cameras and microphones that drew comparisons to the super toy teddy in Steven Spielberg’s 2001 film AI.

Hello Barbie’s privacy policy states that ToyTalk, the company that provides the technology powering the doll, will only share data the toy gathers “when you give us your consent to do so.” In an emailed statement, ToyTalk’s head of communications Tom Sarris said the company only asks for such consent to improve the product, not sell the data to marketers — “We simply do not do that.”

But David Fewer, director of the Canadian Internet Policy and Public Interest Clinic and an intellectual property and technology lawyer, said he’s skeptical of such assurances.

Handout/VTechA VTech production line. The company, which makes electronic toys, was the victim of a hacking last week that exposed children’s data.

Still, as the VTech breach demonstrates, this legal protection is far from a guarantee your child’s data is safe. Brian Bourne, co-founder of the information technology security conference SecTor, said we partly have our own apathy to blame.

The problem with privacy-related transactions is we never really know the deal. We don’t know exactly what we’re giving up, we don’t know the cost to us

“People have understood for a long time that with Facebook, they’re giving up their privacy and being targeted (by marketers),” Bourne said. “You start to become numb.”

“You don’t have to put in your kids’ full, real name and full, real date of birth. The toy may ask you to put in those things, but you don’t have to,” he said. “When the VTech-type attack happens — which it will — the information lost is irrelevant to you. You change your password and move on.”

Financial Post

cbrownell@nationalpost.com

Advertisements