不要为您的孩子购买互联网连接的“智能玩具”

Just when you thought talking toys couldn’t get more annoying, new internet-connected toys like the Furby Connect and i-Que Intelligent Robot are smarter than their predecessors, allowing your child to ask questions, get answers, send audio messages, and more. And thanks to unpatched security holes, they’re more dangerous, too.

就在您以为说话的玩具再也不会令人讨厌的时候，诸如Furby Connect和i-Que智能机器人这样的新型互联网玩具比他们的前辈更聪明，可以让您的孩子提问，获取答案，发送语音消息等等。 。 而且由于未打补丁的安全漏洞，它们也更加危险。

Not only are many of these toys collecting information that can be stolen, but some of them can even allow attackers to talk to your child through the toys. And sure, lots of internet-connected devices have security problems—but these devices are aimed at your children. Is it really worth the risk to buy them an internet-connected toy that’s only slightly better than a regular toy?

这些玩具不仅收集了很多可能被盗的信息，而且其中一些甚至还可以使攻击者通过这些玩具与您的孩子交谈。 当然，许多与互联网连接的设备都存在安全问题，但是这些设备是针对您的孩子的。 为他们购买仅比常规玩具好一点的联网玩具是否真的值得冒险？

许多玩具包含黑客可以利用的安全漏洞 (Many Toys Contain Security Holes That Hackers Can Exploit)

Computer security is complex. Big tech companies like Google, Microsoft, and Facebook pour tons of resources into keeping your information secure, and doing so is often a moving target. Toy companies do not always take things so seriously.

计算机安全性很复杂。 像Google，Microsoft和Facebook这样的大型科技公司会投入大量资源来保护您的信息安全，而这样做通常是一个移动的目标。 玩具公司并不总是那么重视事情。

Technology site Which? found that four out of seven tested smart toys could be easily hacked over Bluetooth, because they just don’t take the necessary steps to secure the connection. The vulnerable toys included the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy, and CloudPets.

技术站点是哪个？ 发现经过测试的七个智能玩具中有四个很容易通过蓝牙被黑客入侵，因为它们只是不采取必要的步骤来保护连接。 易受攻击的玩具包括Furby Connect ， i-Que智能机器人 ， Toy-Fi Teddy和CloudPets 。

With a simple Bluetooth trick, an attacker would merely need to connect to the device with their phone, after which point they could—depending on the toy—control its motion, send an audio file, or even type in a message that the toy would speak out loud to the child. You can imagine the kind of trouble someone standing outside your house could cause by talking to your child through their toy.

通过简单的蓝牙技巧，攻击者仅需通过手机连接设备，此后，他们就可以(取决于玩具)控制其运动，发送音频文件，甚至输入一条信息，表明玩具会对孩子大声说出来。 您可以想象一个人站在屋外时可能会通过玩具与孩子交谈而引起的麻烦。

And this is just the most recent news story on the subject. Earlier this year, security researcher Troy Hunt found that CloudPets, a line of toys that allows you to send and receive voice recordings, had left their entire database of 2 million recordings—of children and parents—open to the internet, for anyone to grab. VTech, a company that makes toy tablets and laptops for kids, lost tons of personal information for kids and parents (including home addresses) in a public data breach. Germany has even banned kids’ smart watches as “illegal spying devices” after they were shown to be insecure.

这只是有关该主题的最新新闻报道。 今年早些时候， 安全研究员Troy Hunt发现 ，允许您发送和接收语音记录的玩具行CloudPets已将其200万个儿童和父母的记录的整个数据库开放给互联网，任何人都可以抓住。 伟易达公司是一家为儿童生产玩具平板电脑和笔记本电脑的公司，在一次公共数据泄露事件中，该公司为孩子和父母 (包括家庭住址)丢失了大量个人信息 。 在证明 儿童安全手表 不安全之后， 德国甚至将其作为“非法间谍设备” 予以 禁止 。

A few of these companies have even been sued for being unclear about what data is transmitted to the internet and shared with third parties.

其中一些公司甚至因不清楚将数据传输到互联网并与第三方共享而被起诉 。

这些公司中许多都不在乎解决问题 (Many of These Companies Do Not Care to Fix Problems)

You’d think repeated security breaches and controversy would light a fire under these companies to do better…but so far, that hasn’t been the case. In fact, when many of these issues were discovered, the researchers in question attempted to disclose them to the companies—but many were either brushed off or ignored entirely. For example, here’s what Hasbro had to say to Which? about the Furby vulnerability:

您可能会认为，反复出现的安全漏洞和争议会点燃这些公司的火，使其做得更好……但是到目前为止，情况并非如此。 实际上，当发现了许多此类问题时，相关研究人员试图将这些问题透露给公司，但其中许多要么被掠夺，要么被完全忽略 。 例如，这是孩之宝对哪个说的？ 关于Furby漏洞：

Furby-maker Hasbro told us that it takes our report “very seriously”, but feels that the vulnerabilities we’ve exposed would require someone to be in close proximity to the toy and posses the technical knowledge to re-engineer the firmware.

Furby制造商Hasbro告诉我们，“非常认真地”对待我们的报告，但认为我们所暴露的漏洞将需要有人靠近玩具，并拥有重新设计固件的技术知识。

“We feel confident in the way we have designed both the toy and the app to deliver a secure play experience,” the firm added. “The Furby Connect toy and Furby Connect World app were not designed to collect users’ name, address, online contact information (e.g., user name, email address, etc.) or to permit users to create profiles to allow Hasbro to personally identify them, and the experience does not record your voice or otherwise use your device’s microphone.”

该公司补充说：“我们对设计玩具和应用程序的方式充满信心，可以提供安全的游戏体验。” “ Furby Connect玩具和Furby Connect World应用程序并非旨在收集用户的姓名，地址，在线联系信息(例如，用户名，电子邮件地址等)或允许用户创建个人资料以允许孩之宝亲自识别他们，而且体验不会记录您的声音或以其他方式使用设备的麦克风。”

This seems to indicate that Hasbro sees no problem with their insecure toy. Who wants to place bets on whether they’ll fix it?

这似乎表明Hasbro认为他们的不安全玩具没有问题。 谁想押注他们是否会解决？

Other companies were more receptive, and hopefully those devices will receive software updates. But many won’t. After all, just look at how often old Android phones get updates—and those are major tech manufacturers, not toy companies.

其他公司则更容易接受，希望这些设备将收到软件更新。 但是很多人不会。 毕竟， 只要看看旧的Android手机获得更新的频率 —这些都是主要的技术制造商，而不是玩具公司。

风险不值得收益 (The Risk Is Not Worth the Benefit)

Look, to an extent, Hasbro is right—an attacker would need to be within Bluetooth range for the Furby exploit to work, and Bluetooth range isn’t particularly long (about 30 feet). They’d also have to know where a child with the toy lives. But Bluetooth can pass through walls, and Bluetooth devices broadcast themselves to everyone with a smartphone—so if someone was determined enough, all they’d have to do is walk down the street waiting for a toy to appear. If you’re in a neighborhood with smaller houses close to the street (or a family-friendly apartment building), it’s easier than you think.

从某种程度上来说，孩之宝是对的-攻击者需要处于Bluetooth范围内才能使Furby漏洞发挥作用，并且Bluetooth范围并不特别长(约30英尺)。 他们还必须知道带玩具的孩子住在哪里。 但是蓝牙可以穿过墙壁，蓝牙设备可以通过智能手机向所有人广播，因此，如果某个人有足够的决心，他们所要做的就是走在街上等待玩具出现。 如果您所在的街道附近的房屋较小(或家庭友好型公寓楼)，这比您想象的要容易。

We don’t want to sound like we’re scaremongering here: while it may not be an enormous risk, it’s more likely than your Amazon Echo spying on you, and we are all admittedly more skittish when it comes to kids’ safety than we are our own. Kids are easy targets for ne’er-do-wells on the internet, whether it’s creepy Peppa Pig videos meant to scare them or something more nefarious. It doesn’t matter how big or small the risk is, most of us are going to be conservative—especially when the reward that accompanies that risk is small.

我们不想听起来像是在这里吓一跳：虽然这可能不是很大的风险，但它比您的Amazon Echo监视您的可能性更大 ，而且在涉及儿童安全方面，我们所有人都比我们更谨慎是我们自己的。 无论是吓人的《粉红猪小妹》视频是吓them他们还是更邪恶的孩子，孩子都是互联网上轻松做事的目标。 风险的大小无关紧要，我们大多数人都会比较保守-尤其是当伴随风险的回报很小时。

And that’s the real bottom line here. A kidnapper is probably not going to sit outside your house attempting to hack your kids’ toys. But are the toys really novel enough to warrant the risk? Many of these toys are advertised for kids as young as 2 or 3 years old. It seems unlikely that a 2 or 3 year old is going to appreciate the features of an internet-connected smart toy vs any other talking bear.

这才是真正的底线。 绑架者可能不会坐在屋外试图劫持孩子的玩具。 但是，这些玩具是否真的新颖到足以承担风险？ 这些玩具中有许多是为2或3岁的孩子做的广告。 两岁或三岁的孩子似乎不太可能会喜欢与互联网相连的智能玩具，而不是其他会说话的熊。

翻译自: https://www.howtogeek/333516/dont-buy-internet-connected-smart-toys-for-your-kids/