Don't Get Your Kid an Internet-Connected Toy

For last-minute shoppers, tech toys hold a special appeal. They’re crowdpleasers, and generally available with two-day shipping—or faster—from any number of online retailers. Stapling on internet connectivity also might make these flashy kids gadgets sound all the more appealing; it’s not just a teddy bear, it’s a machine learning teddy bear. On the other hand: don't.

This is not a screed against technology generally, or even tech as it relates to kids; there are plenty of responsible, safe ways for children to navigate and benefit from the internet. Instead, it’s an important reminder that toys with an online connection are at their core just another IoT device, often replete with the same ills and vulnerabilities. Plus, they have the added horror of occasionally pointing a microphone or camera at your child.

“Generally, people may not make that leap" that an internet toy is just another part of the IoT landscape, says Tod Beardsley, research director at security firm Rapid7. But hackers who target poorly secured internet-connected devices don’t distinguish between, say, a generic webcam and a Wi-Fi action figure. “A lot of the infrastructure looks like regular old Linux or Android. An attacker doesn’t care; inside it’s just a computer,” Beardsley says.