Families who celebrate Christmas have long got use to Santa Claus arriving with his sack full of toys for the children the Matrix-way, through broadband cables. But this year the man-in-the-red-cloak sporting a white beard may be bringing more than you reckoned for… “intelligent toys”. These are connected toys, connected by Wi-Fi to the internet and to the cloud where your children’s voice and activities can be stored and analysed.
Of course, this isn’t entirely new. PlayStation, X-Box and other game consoles have been connected for several years. But now a whole new generation of toys for younger children is hitting the market. VTech, for example, specialises in education toys, allowing intimate family moments to be recorded and stored online. According to the Financial Times (2 December 2015), citing Motherboard, a technology news site, VTech “has confirmed that the data of 5 million parents and their children were stolen”. The profiles of over 6 million children were involved. Equally as worrying is that VTech also admitted that its database “was not as secure as it should have been,” and “that it didn’t know of the data breach until Motherboard alerted them.”  Other well-known brands of connected toys include Lego, Walt Disney and Activision for a market estimated by Juniper Research for 2015 to be worth USD2.8 billion.
One of the world’s most successful toys for young children has been the Barbie girl. Now meet ‘Hello Barbie’. “When Barbie’s belt buckle is held down, everything your child says is transmitted to cloud servers, where it is stored and analysed by ToyTalk, Mattel’s technology partner” according to the Campaign for a Commercial Free Childhood, which observed that “Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets”. “With Hello Barbie, Mattel and ToyTalk’s programmers and algorithms drive the conversation, undermining the creative play that is so critical to children’s development”.
Besides the fear that Mattel or ToyTalk might sell the data on to other partners for intrusive sales promotions, the fear of hacking, as in the VTech case, looms ever larger. ToyTalk’s response to such fears is that “We are not aware of anyone who has been able to access your Wi-Fi passwords or your kid’s audio data.” The danger of hacking can take place at any point along the chain linking usage to connectivity to storage. In the VTech case it was at the storage end. Man-in-the-middle attacks take place along the communications chain. At the user end, the hacking of home-Wi-Fi enabled devices is very much on the rise, mainly because it is so easy. The Telegraph reported an ethical hacking study as early as 2010 in the UK which demonstrated 50% of homes could be hacked within 5 seconds. Kids play with their toys, like dolls, in public places as well as at home. In 2015 the MailOnline reported another ethical hacking by a 7-year old girl who took 11 minutes to hack into a public free Wi-Fi network. In 2014, a Russian website uploaded hacked family videos, including 500 from baby monitors, CCTV cameras and webcams in UK homes.  The dangers are self-evident.
Can Santa help? He cannot refuse to deliver his sack full of toys; it’s his obligation under his terms and conditions of employment. But I bet the safest child on the planet this Christmas is that 7 year old girl who knows exactly how vulnerable other children can be. Maybe Santa can ask VTech and others to send ethical hacking kits this year? Then the kids can teach their parents too, making it a Happy Xmas.
 ‘Privacy activists slam high-tech Barbie doll’ Today Singapore, 2 December 2015