If the Hello Barbie complaints weren’t enough, now it has been announced that researchers determined that the kids’ toys, the Fisher-Price Smart Toy Bear and the hereO GPS watch, had some serious security vulnerabilities. The Smart Toy Bear’s backend programming used unsecured application programming interfaces (APIs) to allow portions of software code to interact. Sounds technologically okay, but because these APIs were unsecured, it allowed hackers to access information about registered children such as name, dates of birth, gender and spoken languages. Mattel has since addressed these issues in the Smart Toy Bear.
The hereO GPS watch used the same type of APIs and allowed hackers to access family members’ locations, GPS logs, and even other features of the kids’ watch like spying on communications. Again, hereO GPS watch manufacturer fixed these bugs and dealt with these issues.
While both toys’ security vulnerabilities were patched, the larger concern is how we can better protect children’s privacy moving forward…by adding more and more connectivity in younger and younger children, perhaps we need better guidelines for toy manufacturers when it comes to privacy and security.