The problem of toys that could be used for spying, tracking and even directly communicating with children thanks to their low hacking security is growing, experts say, even despite Federal Network Agency (FNA) bans on some Internet-connected toys.
In January 2017, the FNA banned My Friend Cayla, a doll distributed in the US by Genesis, and even urged the parents to destroy the dolls entirely: its susceptibility to hacks earned it an official "illegal espionage apparatus" status.
The doll, manufactured by toy giant Hasbro, can be hacked via Bluetooth by a hacker that is within 100 feet of the toy, a group of researchers from Which?, a British charity, and the German consumer group Stiftung Warentest, have found.
But the threat is not limited to Furby alone. There is also Q50, a smart watch made for children. Initially designed as a parent's aid in tracking their children and even communicating with them directly, they are also a welcome tool for hackers. Poor security allows the malefactor to "intercept all communications, remotely listen to the child's surroundings and spoof the child's location," according to a report by Top10VPN, a consumer research company.
The problem has even attracted the attention of the FBI, which has released a set of recommendations on how the parents should use the Internet-connected toys. The FBI urged parents to familiarize themselves with how exactly the toy works: if a toy connects wirelessly through Bluetooth, it should require some type of unique pin or password, to make sure that connection is secure, for example. And if a toy records and stores data, parents should make sure how and where exactly this data is stored and check on how well the toy manufacturer protects the user's personal data.