Smart toys have big security flaws, consumer group finds

Share

Which? also found that if the unsecured connections were exploited, hackers could communicate with the kids playing with the toys - either directly or with custom audio messages.

"These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed", the Federal Bureau of Investigation said, according to NBC News.

"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution", said Alex Neill, managing director of home products and services at Which?, according to BBC.

The FBI suggests that adults research any Wi-Fi or Bluetooth-enabled toys before giving them to a child, and that if they do have them, to take proper measures to secure them.

Which? has written to retailers to urge them to stop selling connected toys that have proven security issues.

"While there is no denying the huge benefits these devices can bring to our daily lives, safety and security should be the absolute priority".

The consumer group Which? checked popular connected toys to test their vulnerabilities.

Which? has revealed that the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets toys were all susceptible to this hack. Which? found the Bluetooth connection lacked any authentication protections, meaning hackers could send voice messages to a child and receive answers. "If that can't be guaranteed, then the products should not be sold".

Leel Electricals Ltd Q2 net profit at Rs. 731.01 crore
GAIL's share price at the Bombay Stock Exchange (BSE) today closed at Rs 456.45, up 0.26 per cent as compared to previous close. The firm transported and marketed 5% more gas volumes in the July-September quarter, the statement said.

Vivid Imaginations, which distributes the i-Que robot toy, told Which? it will "actively pursue this matter" with the manufacturer after "communicating the issues" raised in the published reports.

Lead Image: Researchers found CloudPets could be hacked via their unsecured Bluetooth connection.

The I-Que Intelligent Robot (left) has previously featured on Hamleys top toys Christmas list.

A consumer watchdog company has called several internet-connected toys into question just ahead of the holiday shopping season.

A spokesperson for Hasbro, which makes the Furby Connect, said that children's privacy was a "top priority" and that they were created to comply with children's privacy laws.

"While the researchers at Which? identified ways to manipulate the Furby Connect toy, we believe that doing so would require close proximity to the toy". Hasbro, which makes Furbys, claimed that the testing was done in a very specific set of conditions, and that someone would have to reverse engineer the product and create new firmware to gain access.

The Register has contacted Spiral Toys, manufacturers of CloudPets and Toy-Fi Teddy, for comment.

It said: 'The circumstances in which these investigations have taken place rely on a flawless set of circumstances and manipulation of the toys and the software, that make the outcome highly unlikely in reality'.

Share