Hello…Can You Hear Me? Hackers Can Now Access Personal Information Through Children's Toys
This holiday season, be careful while toy shopping for your children. Increasingly, hackers are targeting information stored in Internet-connected toys. For example, an unauthorized party accessed VTech's Learning Lodge, a database that allows customers to download educational content to their VTech products, uncovering confidential names, birthdays and genders of more than 6.3 million children. In addition, a Bluebox report found that Mattel's talking Hello Barbie, an interactive doll, may have a security flaw in its software allowing hackers to steal personal information.
The research suggests that Internet-connected toys are an easy target for hackers because companies design the toys to store excessive personal information without adequate protection. Despite the privacy and security measures that software developers install in toys, security researchers contend that the quality of the technology may be inferior. Other unconventional consumer devices such as baby monitors that contain a simple, password-protected computer are also on hackers' hit list.
The ease with which hackers can exploit privacy and security measures installed in household devices suggest that no device is ultimately free from data breach, including robotic medical devices for children and the sick elderly. Robotic medical devices store and manipulate highly confidential health data to provide treatment or diagnostic information. For example, PARO, an interactive robotic seal, is regulated by FDA for use in dementia and Alzheimer's disease patients. The robotic seal responds to tactile, light, auditory, temperature and posture sensors to simulate social interaction and provide emotional support.
FDA has already raised concerns about cybersecurity risks for medical devices. It is important that medical device manufacturers and developers to take steps to address and preempt future data breaches. Processes must be in place to ensure that the device's software is properly equipped to withstand hacker attacks. This may include complex encryption and multiple levels of defense.