Parents warned of 'worrying' security risks in Christmas 'smart' toys

A child safety warning has been issued over ‘smart’ toys that can be hacked via their Bluetooth connections. The security loophole means that it is possible for strangers to connect to the toys and talk to children without their parents’ knowledge

Warning over must-have smart toys that let strangers talk to YOUR child

This generation of so-called "smart" toys often have Bluetooth or wi-fi built into them, so a crazed lunatic could hack the toys and get them, for example, to speak directly to a child.

The Bluetooth connection on all the tested toys "had not been secured", according to the paper, "meaning the researcher did not need a password, pin or any other authentication to gain access".

Similarly, the security team were able to make the I-Que Intelligent Robot repeat phrases of their choosing by downloading the I-Que app, searching for a nearby device and typing into a text field.

The toy is made by Genesis Toys, the same manufacturer as the Cayla doll which was recently banned in Germany due to security and hacking concerns.

Which? is calling on retailers to stop selling smart toys with known security problems.

The product testing firm said "very little technical know-how" is needed to access the toys, which are created to allow children to send and receive messages.

Which? found that anyone can play voice messages through both products after connecting through Bluetooth, with the teddy even allowing children to send responses.

These steps included redesigning the toy's firmware and then uploading it within Bluetooth range.

An investigation by consumer group, Which?, found that the Furby Connect, i-Que Intelligent Robot, Toy-fi Teddy and CloudPets could all be accessed via bluetooth or wifi connections.

CloudPets toys, on sale at Amazon, are stuffed animals that enable friends to send a child messages that are played on a built-in speaker.

When buying toys, the DPC said that people should be aware of whether it has microphone, cameras or Bluetooth connections attached.

The Which? managing director of home products and services, Alex Neill, said: 'Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution.

After conducting a thorough investigation on how these toys work, the review site claims that some of them have "proven" security flaws. "If that can't be guaranteed, then the products should not be sold".

"The connected toys distributed by Vivid fully comply with essential requirements of the Toy Safety Directive and harmonised European standards, and (we) consider these products to be safe for consumers to use when following the user instructions", the firm said in a statement, adding that it would take the firm's recommendation about adding Bluetooth authentication to Genesis Toys.

A spokesperson for Hasbro, which makes the Furby Connect, said that children's privacy was a "top priority" and that they were created to comply with children's privacy laws.

It added that manipulating the toy would require close proximity and "a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?".

Spiral Toys, which makes the Toy-Fi Teddy and CloudPets devices, has not yet commented on the report.

Latest News