Madrid (EFE).- Cybersecurity experts have warned today that most of the most popular “smart toys” can illegally spy on homes and steal personal data -including images and sounds- or user credentials.
Among the risks associated with this type of toy, they have also cited the possibility that a third person could take remote control of these devices (for example, a drone) for criminal purposes, the interception of communications or identity theft.
The conclusions are highlighted in a study on the cybersecurity of smart toys prepared by the company S2 Grupo, which was presented today at a press conference in Madrid during which they demonstrated how you can interfere from a computer in control of one of those devices until it takes full control of it.
The director of the company, José Rosell, has stressed that children and their families are unprotected and has warned that most of these toys collect much more information than can be considered “reasonable” -such as the location of the minor- and they store all this data in “clouds” that nobody knows where they are and that can be managed in countries where rights protection standards are not comparable to those of the EU.
Protection of privacy and personal data
“Technology advances at the speed of light; legislation does not”, asserted Rosell, who has assessed the possibility that all toys incorporate a “quality seal” (similar to the “CE marking”) to ensure not only the quality of these products, but also that they comply with the standards protection of privacy and personal data from the point of view of cybersecurity.
The people in charge of this company have reviewed during the presentation of the report some of the most recent controversies with toys of this type: from a teddy bear for interactive learning that could access the private data of a minor to a doll that collected data from massively – including family conversations – and shared them with external companies.
Smart toys contain electronic elements (microphones, cameras, voice recognition, proximity sensors or radio or bluetooth transmitters) and in some cases even artificial intelligence elements capable of learning and processing information about the user and their environment.
Among the main threats, experts have cited identity theft, manipulation, disclosure of private information, denial of services or “elevation of privileges” and access from the toy to other devices.
The study also stresses the large number of benefits that these types of toys can bring to children in terms of learning, entertainment or socio-cognitive development, but also the importance of having safety controls so that parents they can establish time limits, the possibility of turning off the device completely, and that strong authentication passwords are established when they access networks.
He also points out that China -where 80 percent of the world’s smart toys are manufactured- is one of the countries that collects the most massive data from devices that are connected to networks and that the Government requires from large companies. technology companies (Tencent, Alibaba Group Holding, Tik Tok or ByteDance) that share data with the government.
Unlike European standards, in China there are no restrictions for government entities to collect information on call records, contact lists, location or other data of people, this company has stressed in its report, whose managers have had an impact on that all this information can be collected by “innocent” toys and end up on platforms or “clouds” that nobody knows where they are.