The Internet of Toys and Games by @mhbjr for My Security Thoughts
I am a father of two teenage boys. I love my boys. They are one of the main reasons for me to advance making sure they have a safe and secure home. They are also Xbox-heads.
They love that console. I have come to see it as not just a gaming console but as an extension of their social lives. They not only play games with their friends and others but they use it as a communication hub to connect with their friends from school even though they are not engaged in a game. I have watched as one of my sons watched a video on YouTube on his phone while talking with one of his friends about the video over Xbox Live. No game being played just talking.
Now walking away from his room started me thinking about what is going thru that console. My wife and I have learned to give them the throwaway credit stores you buy at the grocery store rather than use our cards. Thanks you Sony. Still the amount of information that is collected such as birthdates and full names for some games is disturbing.
I know that those collecting the information have privacy policies that are supposed to put us at ease. We know that protecting our information overrides any financial incentives that they may have. Plus if there is a breach and the data gets out they will give us free support for a whole year.
Still we are talking about humans under the age of 18 providing information that could hurt them in the future. In addition I feel that our younger children are being targeted to provide detailed information or at the very least being trained to provide the information.
Why do I believe this? Well one recent example is the new Barbie doll that is coming to stores or that may already be on the shelves. It is the ‘Internet Connected Barbie’. It has voice recognition and you or your child can have conversations with it.
See this link: http://abcnews.go.com/Technology/barbie-internet-connected-doll-conversations/story?id=29026245
I am not going to go into the types of hacks that could be done on this toy. Not even the possibility to turn it into a spy device for the paranoid divorced parent that wants to spy on the estranged spouse. Let’s just not go down that road.
I just have to assume that this doll if using voice recognition is tied into some server in a cloud farm. I think that they are storing some of this information.
You might say that want can a pre-teen or younger say to a doll that would have any consequences. I don’t know what they could say. I do know that children have been known to repeat things that they hear at the most inopportune ties. Remember I have two boys and they had an uncanny ability to embarrass my wife and I. We had to watch what we said even if we did not think they could hear.
Now take a small child with an Internet connected toy with voice recognition and you have potential for leakage of information. If I was to be paranoid how long before this Internet connected doll gains the Xbox Kinetic-like ability to do visual recognition of the people and objects in the room.
Will law enforcement now send subpoenas for the audio and video recordings from Barbie? Will Mattel be subjected to National Security Letters?
Thoughts?
In support of my post: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/
Well it looks like my predictions are coming true. http://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children