Connected toy toucan that was found to be hackable.
Authentication steps were omitted from the connection flow for the Teksta Robotic Toucan (probably to streamline usability), which allows for anyone within range to connect to it.

With connected devices being a hot industry, companies are hastily shipping hardware products that contain a mix of sensors, low-cost chips, and wireless connectivity, all tied together with apps that were scraped together at the last minute. Do all those pieces come together to form a secure product? Does the toaster company, albeit experts at toast and toast-related devices, suddenly know how to prevent their new connected toaster from being hacked and setting house fires?

It’s no wonder that in recent months connected products, and especially smart toys, have come under high scrutiny. The thought of our devices listening in on us is enough to trigger a little anxiety, but toys spying on our children is enough to make us shudder.

In February of 2017, Genesis Toys found itself under scrutiny when its microphone-enabled cloud-connected doll, My Friend Cayla (and the i-QUE Intelligent Robot), was found to have the potential for communication interception due to the lack of authentication on the connection process. Later in the year, Genesis’ Teksta Robotic Toucan was also found to have the same risks. A viral video demonstrating a hypothetical hack scenario only served to raise fears of (all) children’s connected toys being targets for hacks. While news of “hackable” connected toys may be feeding paranoia about a new generation of exciting products, many of which are tightly secured, it does a great public service by raising awareness among consumers and designers alike.

Including security in your connected toy design

With the Genesis products and several other hacked devices that have shown up in the news, a trend has come to light: there was little to no thought given to security when the device and app were designed. In drastic cases, it seems security only became an issue when the product entered the market and was called out as being hackable. While not a substitute for proper security implementation, keeping security in mind as a design goal from day one enables designers to make choices that lay the foundations for a secure device and communications for product launch. When Workinman designs, we consider security every step of the way.

Taking advantage of existing security

Connected product designers and manufacturers need not be intimidated by security. You do not have to invent and implement a robust enterprise firewall on your smart plush panda or hire a basement full of Russian hackers to field test your intelligent coffee mug. There are many already-secure network protocols, tightened-up and trusted hardware components, and best practices out there–ready to be used to your advantage!

Keep COPPA in mind

Whether you are producing a smart toy or connected product for a 13-year-old and younger audience, publishing connected product software, or distributing connected products in the United States, you need to be in compliance with the Children’s Online Privacy Protection Act (COPPA). Failure to comply can lead to harsh penalties that compound per violation.

Luckily, COPPA rules are generally straightforward, and the Federal Trade Commission (FTC) has all the information you need on their website. Making sure your connected product’s online service complies with COPPA rules is a cornerstone of security, and one of the easiest ways to avoid a public relations nightmare after launch.

With over 10 years of experience designing for youth markets, Workinman has gained the experience and developed the tools needed to ensure security and COPPA compliance of its games and connected apps. Need guidance developing your product? Contact us.

Workinman’s Best Practices for Connected Toy Security

Proper Planning

  • Plan for security from the beginning, not as the final touch or for after release. Security shouldn’t be an afterthought.
  • Every step of the way, every meeting, every feature–ask: “Is this secure?”

Connected Hardware Design

  • Design the hardware to be tamper-proof, sealed, and difficult to open. Keep hackers out of those extra ports and debug options.
  • Limit the scope of the hardware features to only what is needed for operation. Don’t add unnecessary USB ports or networking features that could be used as exploits.
  • Use hardwired inline LEDs to indicate monitoring components (cameras, microphones) are live, and inform the users of this feature.
  • Use trusted components and suppliers.
  • Don’t allow for settings beyond reason (heat, power, loudness). Hackers could exploit and, to some degree, weaponize these controls.
  • Make sure safety features inherent to the hardware are not overridden by firmware or the app, either by the user, or bugs.

Connected Product Firmware

  • Make sure the hardware supports over-the-air (OTA) firmware updates. This will allow for easy deployment of updates and patches later on.
  • Make sure the firmware update process is secure. You don’t want hackers to take advantage of the OTA process to upload hacked firmware.
  • Budget for a few firmware updates during the product life cycle. No one gets it right the first time, and budgets are often a major hurdle to getting updates out after launch.
  • Remove debug features prior to release.
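
As an added illustration (not Workinman code), here is one way a device could decide whether to accept an OTA image: the update must carry a valid authenticity tag, match the hash in its manifest, and be newer than what is installed. The key, function names and manifest layout are assumptions, and the rollback check goes a step beyond the checklist; HMAC stands in for the asymmetric signature a shipping product would normally verify.

```python
import hashlib
import hmac
import json

# Constructed per-device update key. A production design would normally verify
# an asymmetric signature (public key stored in the device) so that no signing
# secret ships inside the toy; HMAC is used here because it is in the stdlib.
DEVICE_UPDATE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def sign_manifest(key, version, image):
    """Vendor side: bind the version number to the exact image bytes."""
    body = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def accept_update(key, current_version, manifest, image):
    """Device side: return (ok, reason); flash only when ok is True."""
    body = manifest["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, manifest.get("tag", "")):
        return False, "bad manifest tag"
    fields = json.loads(body)
    # The manifest is authentic; now check it describes these exact bytes.
    if hashlib.sha256(image).hexdigest() != fields["sha256"]:
        return False, "image does not match manifest"
    # Refuse older (possibly vulnerable) releases even if correctly signed.
    if fields["version"] <= current_version:
        return False, "rollback or replay of old version"
    return True, "ok"
```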

Networking & Connections

  • Use only secure communication protocols.
  • Do not use a non-unique default username and password for logins.
  • Protect logins from brute-force attacks using honeypots and password length minimums.
  • Limit networking features and capabilities to only what the product needs.
  • Avoid the use of recognizable, discoverable network names for the devices. A name such as “Kids Sleeptime Doll” is a clear target, while “HF24943DHJA005” is much less identifiable on networks.
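
The credential and naming points above can be enforced at the factory and checked afterwards. The sketch below is an added example, not Workinman tooling: it provisions each unit with an opaque random name and its own password, then audits a provisioning table for descriptive names, short passwords and shared defaults. The function names, word list, record layout and 12-character minimum are assumptions.

```python
import re
import secrets
import string

NAME_ALPHABET = string.ascii_uppercase + string.digits
MIN_PASSWORD_LEN = 12  # assumed policy value, not from the article
# Constructed word list; extend it with product and brand terms.
DESCRIPTIVE_WORDS = {"kid", "kids", "baby", "child", "doll", "toy", "robot"}


def provision_unit(used_names):
    """Factory step: opaque random name and a unique random password."""
    while True:
        name = "".join(secrets.choice(NAME_ALPHABET) for _ in range(14))
        if name not in used_names:
            used_names.add(name)
            break
    return {"name": name, "password": secrets.token_urlsafe(16)}


def audit_units(units):
    """Return (name, finding) pairs for units that break the checklist."""
    by_password = {}
    for unit in units:
        by_password.setdefault(unit["password"], []).append(unit["name"])
    findings = []
    for unit in units:
        # Whole-word match, so a random ID is one token and never flagged.
        words = set(re.split(r"[^a-z0-9]+", unit["name"].lower()))
        if words & DESCRIPTIVE_WORDS:
            findings.append((unit["name"], "descriptive network name"))
        if len(unit["password"]) < MIN_PASSWORD_LEN:
            findings.append((unit["name"], "password below minimum length"))
        if len(by_password[unit["password"]]) > 1:
            findings.append((unit["name"], "password shared with another unit"))
    return findings
```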

Data Collection and Storage

  • Don’t collect and store unnecessary user data on the device. If data is collected, process it to a secure location and remove it from the device.
  • Encrypt the data stored on the device and within the companion app.
  • Comply with COPPA: For children 13 and under, the device or its companion app should not collect personal identifying information.
    • This includes photos/video of the child, geolocation, and information about interests, hobbies, items purchased that is pushed to the cloud.

Ensuring Security

  • Have the firmware/application code audited.
  • Plan regular reviews and updates.

Be Transparent

One of the best ways to avoid privacy concerns from customers is to simply be frank about what your device does and any potential risks.

Let them know what sensors are included in the hardware and how they are used. Make your privacy policy easy to read and understand. Make it specific to the device and not some boilerplate legal heap. Provide bullet points at the top to help people understand critical concepts behind the policy. Many app stores require privacy policies to be accessible from within the companion app as well.

For COPPA compliance, a link to the privacy policy should be provided in the toy’s documentation or within the app itself.

Our Commitment to Connected Toy Security

Our success depends on yours and your product’s. Our goal is to put security at the forefront of our connected product development, and to assist with product launch and continued support that eases customers’ concerns.

Workinman’s Connected Products Services

We do a lot more than just game design and development. We create some of the best connected product apps in the biz. Our design team can also help with rapid hardware and software prototypes, cloud-based hardware simulation, platform APIs, and more. Have a special job to be done? Let’s talk.

We’d love to team up with you to develop safe, secure, and fun connected toys and other products.

Read more about our Connected Products Development Services.
