This can lead to data protection and security gaps that parents are probably not even aware of. Security expert Ildikó Bruhns from Saferkidsonline explains possible risks and gives general tips to ensure that intelligent playmates do not turn into spies or network children with strangers.

Cloud instead of cassette: the radio play listener is becoming more transparent

There are a number of networked audio boxes on the market that have long since moved into children's rooms at home. The operating concepts of these music cubes are different, but are generally tailored to the abilities of preschool children. But unlike the good old cassette players or CD players, modern audio books and music boxes do not require sound carriers.

“In the childhood of today's generation of parents, neither the manufacturers of cassette players nor the radio play producers knew about their customers' listening habits. With most modern audio boxes, however, nothing works without creating a user account,” says Ildikó Bruhns from Saferkidsonline. “As soon as the digital cube is used, however, various data flows over the air.” For networked audio boxes, this can include operating events such as changing the volume, winding and skipping, connecting/removing headphones, connecting/removing the charging station and what content is being played becomes.

In addition, every operating step is usually recorded for product improvement reasons. When setting up an audio box and after adding another WLAN, the available networks and the connected network (SSID) are also transmitted. In many cases, a connection to the cloud and the Internet is also required to play a radio play for the first time, but all subsequent times it also works without the Internet.

A look at the data protection declaration will help

The good news is that the manufacturer of a popular radio play box, for example, lists the data transfers described above transparently in the data protection declaration. So anyone who chooses an audio box of this type knows exactly what they are getting into. Personal data will expressly not be passed on to third parties and will be processed in accordance with the requirements of the GDPR. However, the company reserves the right to randomly listen to self-created content. On the one hand, this is important, for example in order to record copyright or competition violations, but on the other hand, there is a chance that employees could find out about things that have nothing to do with them.

The device's continued connection to its manufacturer's services poses a further risk: if it goes off the market at some point, its devices will also fall silent. In the worst case scenario, parents have a cube sitting around at home that is literally speechless and can no longer store any new content. But the risk exists on many devices and cloud-based services.

In contrast to talking dolls and listening dinosaurs, hacker attacks on such audio boxes have so far been purely theoretical - probably because the benefit for cybercriminals would not be well proportioned to the effort. Because the audio boxes have neither cameras nor microphones, eavesdropping and spying on children's rooms is not possible.

However, hacker attacks on smart toys are not fiction. Hackers have already stolen customer data from a well-known learning computer manufacturer in the past . also took action against a smart doll that not only had a conversation with the children, but also listened to them.

Connected Toy Tips:

  • Before purchasing, find out about the toy’s functionalities. Does it have a camera, microphone, WiFi connection or Bluetooth?
  • Check setting options in terms of security and privacy:
    • Are security updates published regularly and installed automatically?
    • Can I manually turn off WiFi and Bluetooth when not in use?
    • Can the microphone and camera functions be deactivated?
    • Does the camera record location data via GPS?
    • Are there extra child-safe settings?
  • Deactivate Bluetooth when not in use: A switched off Bluetooth device cannot be attacked from the outside and no one can secretly connect to it. The function should be set to “invisible”. Make sure that sent files are not received automatically but must be approved. In addition, for internet-enabled toys, the Bluetooth interface should also be password protected (you may find information on the manufacturer's website).
  • Read the data protection declaration carefully so that you know what data the manufacturer collects about the toy functions, for what purpose it is stored or further processed, where and how.
  • Only reveal the most necessary data and check which permissions, for example, an associated app requires. If she wants to access all possible functions that are not necessary for the operation of the toy, you should exercise caution.
  • Familiarize your child with the toy . Explain to him that it is not a “normal” cuddly toy, but that it works differently. This way you can accompany your child on their way into the digital world.
  • Set rules: If the smart toy has a camera or microphone, it is even more important to agree where and when the toy can be used. This way you can ensure that no “motion profiles” of your apartment are recorded.

Further information and tips can be found at Saferkidsonline.de

Also Read:
Facebook Warning: Do Not Click on Such Comments

Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )