Technology has created a never-ending battle between security and privacy. We want technology to make our lives as convenient as possible. And for the most part, we’re willing to give up a bit of privacy to make it possible.
We use Facebook. We let our Amazon Echo listen just in case we need something. We give Google a detailed record of our location data. People want privacy but not if it comes at the expense of innovation.
But what about when it comes to our kids?
It might have been funny to think of Barbie as a Cat Burglar when the doll came out in 2009. But Espionage Barbie is getting real. Are we giving up on youth privacy, too?
Germany Bans Espionage Doll
The Internet of Things is rolling through just about every piece of technology you can think of. And according to Mikko Hypponen, Chief Research Officer at F-Secure, “in five years’ time you go and buy a toaster, it—regardless of the toaster you buy, even if there’s no IoT features—it’s still gonna be an IoT toaster.”
This idea is already moving into the toy business. In February 2017, Germany banned the My Friend Cayla doll, calling it a stealthy espionage device. It listens and records everything your kids say!
Norwegian Consumer Council Technical Director, Finn Myrstad, went a step further to show how closely the listening doll blures the line between technology and privacy. He asks the doll “Can I trust you?” and gets a simple “I don’t know” in reply.
You might think this is just a subset of the discussion we have about devices like smart TVs, gaming consoles, smartphones, and connected cars collecting so much data about us. We have court cases defending the privacy of data collected by Amazon’s Alexa—but it’s a bit different when we talk about youth privacy.
Why Youth Privacy and Tech Toys Are Major Cyber Security Concerns
The main issue with tech toys that aim for better engagement through listening and personalized responses is the storage of data. When the Cayla doll records a conversation with your child, the data is sent to the doll manufacturer and then another company that develops voice-recognition software.
When you buy a toy like this for your child, you’re leaving his/her personally identifiable information (PII) in the hands of a company that could be hacked as easily as any other.
You might be willing to sacrifice a bit of your own privacy—but your kids? We’ve seen in the past that a tech toy companies can be hacked and there will only be more incidents if attackers see these are such weak targets.
When PII is compromised at such a young age, we risk setting children up for data breaches and security attacks later on in life. With the inevitability of connected devices—tech toys included—we have to figure these security concerns out before we make a youth privacy mistake that we can’t take back.
Shining a Light on Espionage Barbie and Emerging Tech Toys
Any act of espionage is compromised the moment it is identified by the target. So if we want to eliminate the security concerns of tech toys, we have to make it so that hackers can’t hijack these devices in such secrecy.
As is the case in so many data breaches, attackers find their way into a network and exfiltrate data without ever being noticed. If a company that stores tech toy data is compromised, so are our children.
This is why network visibility is so important in an age where sprawling connectivity is inevitable. We can’t sacrifice security for convenience anymore! We can have both if we properly baseline network traffic.
To learn how to properly baseline your network, download our free white paper, How to See Your Baseline Traffic.