DENVER —
Authorities are warning parents about privacy and safety concerns related to internet-connected toys after reports of home devices being hacked this week.
At least four U.S. families this week reported they have been affected by strangers hacking into their Ring home security cameras.
One northern Mississippi family shared footage with WMC Action News 5 from inside their child’s room where the child was playing. The footage showed someone speaking through the Ring devices' speakers and talking to the child.
The Federal Trade Commission (FTC) warns parents looking to buy an internet-connected toy this holiday season on how to best protect their child’s data and privacy.
The FTC works to prevent fraudulent and deceptive behavior and educate consumers how to avoid unfair business practices in the marketplace.
The FTC recently shared a list of questions consumers should ask about an internet-connected toy before wrapping one up and placing the gift under the tree:
Understand the smart toy’s features:
- Does the toy come with a camera or microphone? What will it be recording, and will you know when the camera or microphone is on?
- Does the toy let your child send emails or connect to social media accounts?
- Can parents control the toy and be involved in its setup and management? What controls and options does it have? What are the default settings?
Understand what information the smart toy collects, and how it will be used:
- When your child plays with the toy, what kind of information does it collect?
- Where is this data (including pictures and recordings) stored, how is it shared, and who has access to it? Does the toy company give parents a way to see and delete the data? Is the information secure?
- The Children’s Online Privacy Protection Act (COPPA) ensures parents have control over the personal information companies collect online from their kids who are under the age of 13. The toy company has to tell you about its privacy practices, ask for your consent, protect and secure collected data and give you the right to have your child’s personal information deleted because of the COPPA Rule.
Additional red flags on internet connected toys to look out for from Security Intelligence's website:
- The toy is available only online.
- The toy has no identifiable supply chain that identifies who manufactured it or where it was manufactured.
- The company manufacturing the toy does not have a physical address, return address or consumer complaint number.
- Free shipping to military personnel.
- There is no telephone number, physical address, mailing address or customer service number for the seller of the toy or the mobile app required to use the toy.
- The mobile app provider requires the user to sign up for the cloud service using his or her real first and last name and physical address.
- The toy stays connected to the cloud even when it is off.
- The toy is programmed to receive automatic updates or downloads.
- The toy comes equipped with a long-range receiver and transmitter.
- The cloud provider storing the data is never identified in the end-user license agreement (EULA).
- Neither the toy nor the mobile app comes with an EULA.
To keep any internet-connected device secure, always make sure to create a variety of strong passwords and usernames, setting up two-factor authentication and consistently updating passwords and usernames.
SUGGESTED VIDEOS | Colorado Guide