Looking for the perfect holiday gift for the kids in your life? How about a fuzzy knit sweater? Too itchy. A pair of mittens? They’ve probably got dozens. Some peppermint chocolates? Just think of the cavities.
When it comes to gift-giving in 2015, the magic word for both givers and receivers this year is technology. Kids and adults alike are pining for new technological gadgets that can do things most of us never dreamed of in holiday seasons of the past.
For example, this holiday season, you can find frying pans with sensors to tell you if your sirloin steak is cooked through, and apps that tell you went to stop pouring sugar into your mixing bowl. You can get smart alarm clocks that hide the ringer somewhere in your home so you have to get out of your bed to turn off the darned thing, and GPS-enabled dog collars so that the pup in your life never gets lost. You can also buy fitness trackers decorated with Swarovski crystals for stylish calorie counting. Oh, such fun!
When it comes to tech toys for kids, the selection is no less spectacular. There are dinosaurs that use speech-recognition to answers kids’ complicated questions, a revitalized ViewMaster that works with smartphones to create virtual reality experiences for kids, and a technologically enhanced version of Meccano, a toy long favored by many young engineers, that lets you build a robot and then control it with an app.
Though these toys are, without a doubt, awesome and exciting, each and every new device that is connected to the internet makes the attack surface for hackers much larger. And as we’ve mentioned before, the Internet of Things is full of dangers that were once inconceivable.
Each day, it seems like another networked device is recalled due to hacks of things that just should not be hackable. Like dolls. Remember when Barbie was just a Barbie? Sure, in the past, she could be an astronaut, teacher or presidential candidate, but one thing she couldn’t be was hacked. Until now. Hello Barbie is Mattel’s latest offering for the holiday season. Hello Barbie looks like your typical Barbie, but instead of saying cringe worthy lines like “Math is hard!” or “Let’s go shopping!”, she actually responds to the things kids say to her with Siri/Cortana-like technology. By way of the Barbie app, parents can listen to conversations between their kids and the doll.
Cool, right? Er, no, not so cool. Because Hello Barbie is frighteningly hackable. Barbie connects to any WiFi that has “Barbie” in the name, so it’s a snap for hackers to create their own rogue “Barbie” networks to intercept data. Once hackers have control of the doll, they can see all settings and stored information, and even program her to say whatever they want.
ToyTalk, creators of the speech recognition technology used in Hello Barbie, has fixed many of the issues they were raised by researchers at security firm BlueBox in November, but other issues remain. When and if they will be fixed remains unclear.
As if this wasn’t enough to scare you into getting your kids coloring books and perhaps a nice paper airplane modeling kit for the holidays, this past week brought another example of toys that that weren’t built with security in mind. Toy giant Vtech, maker of dozens of popular electronic toys, saw its “Kid Connect” service hacked.
Kid Connect functions sort of like Whatsapp, allowing kids and parents to chat together through the child’s Vtech device. A hacker (who wishes to remain anonymous) hacked into the Kid Connect servers to expose Vtech’s shocking security flaws, and show how easy it was for him to hack into the private photos and communications of millions of kids. Once inside the server, the hacker had access to stored information of millions of kids and their parents, including photos, names, birth dates, email and physical addresses, and genders. Why photos? According to motherboard.com, the first media outlet that interviewed the Vtech hacker, Vtech actually encourages kids to take photos with their device and upload them for use in cross-device avatars.
People potentially affected by the hack include anyone who downloaded elearning games via the Learning Lodge app, or anyone who uses Kid Connect. The hacker has promised to not do anything with the information, but said in his interview with Motherboard: “All the evidence suggested I wasn’t the only person outside of VTech who could have got the data.” This super sensitive information, in the hands of the wrong people (and generally speaking, hackers are the ultimate wrong people) could be used in so many horrific ways. On the darknet, this type of data can be sold for use in phishing ploys, identity fraud, and even child pornography.
Vtech says they are not only looking to fix the current security holes, but also hope to figure out how to strengthen its security for the future.
So what should you take away from all this in your pursuit for the perfect holiday gift?
1. For starters, when you set up any new networked device, think about the scope of the information you are putting into it, and determine if it’s all truly necessary. If a new gadget is asking for permissions that seem excessively invasive, don’t grant them.
2. Make sure to change manufacturer’s pre-set passwords, and make your new password is something unbreachable. This means it should be a completely random string of at least 8-12 letters and special characters.
3. Consider sticking with a not-so-smart toy if you’re not 100% sure about the security standards of the tech gadget you’re considering. Trust us, there are lots of amazing non-tech toys out there for sale.
4. Parental Controls are very important important when it comes to your PC, but think twice about them when it comes to tech gadgets. Because if parents can access information stored on a child’s tech gadget via the internet, that means hackers could too.
When it comes to buying technological toys for grown-ups, don’t be any less vigilant when it comes to passwords and permissions. And even though ordinary pans may not be able to notify you when to flip your French Toast, a fine set of non-smart pans can make a great holiday gift anyway. Because nothing ruins a holiday season more than finding out you’ve been hacked.