Children’s Privacy in the Age of IoT

IoT cloud pets toy

The age of the Internet of Things has elevated even the most mundane kitchen appliances to the cloud, and has allowed us to connect devices and collect data as never before. Want to remotely activate your tea kettle? Sure, go ahead. Need to change the temperature of your oven while in the other room? Do it from your smart phone. Worried about Fido’s fitness? Monitor his every move from the convenience of your tablet. With so many consumers purchasing “smart” devices, it’s no wonder that companies have jumped at the chance to sell smart toys. But with recent data breaches involving toymakers, parents may want to rethink their children’s privacy in the age of IoT.

The most recent incident involving children’s data and IoT toys occurred with the CloudPets brand of stuffed animals, which reportedly had a publicly accessible database with account information for over 800,000 users, and some 2 million recordings of children interacting with the toys. Security researcher Troy Hunt has completed an investigation which outlines some of the poor security practices of the toymaker. According to Hunt, things went from bad to worse, as the exposed databases were also involved in an ongoing ransomware scheme.

CloudPets is far from the only toy maker with data security problems. VTech, a popular manufacturer of children’s toys, suffered a data breach in 2015, which exposed information about 12 million people, including over 6 million children. The Cayla doll has been banned from Germany because of concerns that hackers could target children using the device.

While the Children’s Online Privacy Protection Act of 1998 prohibits the collection of personal information from children less than 13 years old, the new age of IoT is pushing the limits of what is allowed under the law. Senator Mark Warner of Virginia, co-chair of the Senate Cybersecurity Caucus, has called on the Federal Trade Commission to work with Congress to update regulations to better protect children’s privacy.

With or without additional regulation, consumers should be watchful about how their internet-connected devices might affect their privacy in their homes. With billions of records exposed, even the walls of our homes might not be enough to protect us from prying eyes.