Smart toys have big security flaws, consumer group finds

Some of the coolest gifts on the shelves this year have security flaws that leave them vulnerable to hacking and could put children at risk.

Consumer safety group Which? researched connected toys for 12 months, and found vulnerabilities in the Furby Connect, I-Que Intelligent Robot, CloudPets and Toy-fi Teddy. It found that these toys use unsecured Bluetooth connections and it would be "too easy" for someone to use them to talk to a child.

"That person would need hardly any technical know-how to 'hack' your child's toy," the report warned.

Which? noted that Bluetooth range is usually limited to about 10 metres, so the main concern would be people nearby with malicious intent. However, it wouldn't be impossible to extend Bluetooth range.   

As more toys add Wi-Fi and Bluetooth connections to pack in new skills and features, regulators have kept a wary eye on them for security vulnerabilities

My Friend Cayla dolls Genesis Toys via CNET

Earlier this year, German regulators removed the My Friend Cayla smart doll from the market after classifying it as an "espionage device." And CloudPets was criticized for leaving account information and voice recordings exposed online.

Hasbro, creators of the Furby Connect, says it takes the report seriously and that children's privacy a top priority for the company.

"While the researchers at Which? identified ways to manipulate the Furby Connect toy, we believe that doing so would require close proximity to the toy, and that there are a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?, including reengineering the Furby Connect toy, creating new firmware and then updating the firmware, which requires being within Bluetooth range while the Furby Connet toy is in a 'woke' state," said senior vice president of global communications Julie Duffy. "A tremendous amount of engineering would be required to reverse engineer the product as well as to create new firmware."

CNET also contacted Spiral Toys, which makes CloudPets and Toy-fi Teddy), and Genesis Toys, which makes the I-Que Robot. They did not immediately respond to a request for comment.

You can see the results of the study in the video from Which?, below:

Connected toys pose child safety risk by Which? on YouTube

This article originally appeared on CNET.

    In:
  • Internet of Things

Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.