Your children's connected toys can be hacked, warn experts

Sarah Tew  CNET

The warnings come after United Kingdom consumer watchdog Which? urged major retailers to withdraw a number of "connected" toys that are expected to be popular at Christmas, after finding security failures that could put a child's safety at risk.

As with anything technological, once hackers connect to the toys they are able to send messages, which can then be heard as the child plays with the toy.

The Furby Connect, perhaps the most well-known toy on the list, was found to contain the Bluetooth flaw that let anyone within range connect to the toy.

"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution", said Alex Neill, the managing director of home products and services at Which?.

Those toys include Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.

Two of the manufacturers said they took security very seriously.

THE DATA PROTECTION Commissioner (DPC) is reminding parents in the lead up to Christmas of safety issues surrounding a child's privacy when using toys with microphones and cameras that can connect to the internet. "If that can't be guaranteed, then the products should not be sold".

Which? also found that if the unsecured connections were exploited, hackers could communicate with the kids playing with the toys - either directly or with custom audio messages.

Vivid said it would be speaking to Genesis about improving security on the robot.

"We feel confident in the way we have designed both the toy and the app to deliver a secure play experience", reports the BBC.

I-Que maker Vivid Imaginations said there had been no reports of any malicious use of its products, but it would be reviewing Which?'s findings.

Hasbro, which makes the Furby Connect, said in a statement that it believed the results of the tests carried out for Which? had been achieved in very specific conditions.

Which? is now putting its foot down and is calling for all connected toys with proven security or privacy issues to be taken off sale, citing the example of the German "Cayla" doll being yanked from shelves after it was revealed that it records children's conversations and uploads them to the cloud.

It said: 'While it may be technically possible for a third party (someone other than the intended user) to connect to the toys, it requires certain sequence of events to happen in order to pair a Bluetooth device to the toy, all of which make it hard for the third party to remotely connect to the toy'.

The DPC said any interactions a child might have with these kinds of toys are a potentially sensitive matter.

The Register has contacted Spiral Toys, manufacturers of CloudPets and Toy-Fi Teddy, for comment.

Related:

Comments

Latest news

Cristiano Ronaldo Ready to 'Block' Real Madrid's Proposed Move for Tottenham Superstar
When asked this season if he was expecting to sign a new deal with Madrid, Ronaldo told beIN Sports: 'I don't want to renew. A hugely worrying news for Real Madrid fans has emerged in connection with Cristiano Ronaldo .

'I'm a Filipino' says white transracial man (who also wants gender change)
Scheckner had some wise words for family members and others who may be critical of Ja Du's identity. He added, "I think that we all have the freedoms to pursue happiness in our own ways".

Livingston shines in Curry's absence as Warriors roll to seventh straight win
Orlando, which dropped a 125-107 game in Denver on Saturday, also features ex-Warrior Marreese Speights in a reserve role. Curry is now averaging 25.2 points, 6.7 assists and 4.7 rebounds per game this season.

Telangana Cop Suspended For Getting Massage From Woman Colleague
A couple of weeks ago in Hyderabad's Saroornagar, Inspector S Lingaiah was caught getting a massage by home guard Saida Naik. If anyone had doubts over the prevalent exploitation of home guards by police, this video will shatter their disbelief.

This is when old paper £10 notes will be WORTHLESS
The governor of the Bank of England, who revealed the new note, said it is "cleaner, safer and stronger. and resistant to curry". Now, the Bank of England has confirmed that from March 1 2018, the old note will no longer be accepted as payment.

Other news