Consumer testing experts are urging retailers to stop selling children’s toys which connect to wifi or Bluetooth.
According to product watchdog Which?, popular toys such as Furby and Cloudpets pose “concerning vulnerabilities” that could allow strangers to speak to children.
After conducting a thorough investigation on how these toys work, the review site claims that some of them have “proven” security flaws.
“Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution,” said Alex Neill, managing director of home products and services.
Neill and her team of researchers tested a number of connected toys available at major retailers in collaboration with German consumer organisation Stiftung Warentest.
They found that there is no authentication required to link some toys with devices via Bluetooth.
“In each of the toys, the Bluetooth connection had not been secured, meaning during the tests the hacker didn’t need a password, PIN code or any other authentication to get access,” Which?’s report said.
Consequently, Which? are claiming that the following toys can be easily “hacked” and could pose severe threats to child safety:
Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.
They have also published a short video which demonstrates how “easy” it is for a hacker to gain access to the voice control of these toys.
“With toys like these and other connected toys expected to be popular around Black Friday and Christmas, we’re calling for smart toys to be made secure, or taken off sale entirely,” they said.
Hasbro, who manufacture Furby Connect, responded to Which?’s findings with the following statement:
“A tremendous amount of engineering would be required to reverse-engineer the product as well as to create new firmware.
“We feel confident in the way we have designed both the toy and the app to deliver a secure play experience,” reports the BBC.
Vivid Imagination, who produce the I-Que robot, said that they would review Which?’s claims, but insisted that they had never received reports of the toys “being used in a malicious way.”
Powered by WPeMatico