Safety alert issued for connected toys
Consumer experts are warning of a security risk surrounding toys that are wi-fi and bluetooth-enabled
Parents are being warned that some smart toys could be hacked into by strangers – who could then talk to children directly in the voice of their trusted and beloved toys.
The consumer watchdog Which?, in partnership with cyber-security experts Context IS, found that popular toys including Furby Connect, CloudPets, Toy-fi Teddy and I-Que Intelligent Robot are all vulnerable to hacking – meaning that a stranger could potentially talk to your child through the toy.
Four of the toys tested were found to connect with unsecured connections. An unsecured connection is one that does not require a password, a pin or another form of authentification to pair with the toy. This means that anyone with a bluetooth or wifi-enabled device such as a smartphone can connect to the toy.
Several of the toys are designed to talk directly to your child, which adds to the fun of them. But Which? found that anyone in a 10-metre radius with the I-Que robot app can type messages for the robot to say. The watchdog found similar security vulnerabilities in CloudPets, the Toy-Fi Teddy and the Furby Connect. The toys speak in their “own” voice, which means that your child is likely to trust what it says if they play with the toy for a long time.
Alex Neill, Which? Managing Director of Home Products and Services, said: “You wouldn't let a young child play with a smartphone unsupervised and our investigation shows parents need to apply the same level of caution if considering giving a child a connected toy.”
Furby-maker Hasbro responded to the Which? report and said it took it seriously: “We feel confident in the way we have designed both the toy and the app to deliver a secure play experience.” Vivid Toys, makers of the I-Que, said there had been no reports of the toy being used maliciously.
Read the full report by Which? here.