Investigation Shows Children’s Connected Toys ‘Easily Hacked’

A new investigation has revealed a number of issues with certain children’s connected toys, with vulnerabilities that make them “easy enough for almost anyone” to hack.

The investigation, conducted by U.K. consumer association Which? along with security research experts and other consumer organizations, has pointed out easily exploitable flaws in a number of popular toys which connect using Bluetooth or Wi-Fi.

Furby Connect, I-Que Intelligent Robot, Toy-fi Teddy, and CloudPets talking toys were all found to have major issues that would allow malicious users to send audio messages from the toys to their young users.

Bluetooth Makes It Easy

Unsecured connections are the root of the problem, as the apps used for these toys require no step for secure Bluetooth pairing. Therefore, anyone nearby could download the app and connect to these toys using Bluetooth on their devices.

A few of the companies commented on the results of the investigation, and while they said they would look into the issues, it’s unclear if they’ll take any action.

It’s been noted that someone would have to be in Bluetooth range to access these toys, but as the report notes, there are ways to extend Bluetooth range. Also, typical Bluetooth range is around 33 feet, which in many cases would still be long enough for someone outside to hack a toy in a nearby home, as one example. The report notes that a CloudPets toy was accessed from the street in one test.

Buyer Beware

The issue is serious enough to Which? that the organization has called for all connected toys with “proven security or privacy issues” to be removed from the market.

This warning follows a recent article about the security vulnerabilities found in some children’s smartwatches — flaws which could allow hackers to eavesdrop on conversations and communicate with children, among other issues.

If you’re looking to buy any sort of connected toy or smart device for a child this holiday season, be sure to do your research first — and don’t be afraid to question if it’s really necessary for some of these gadgets to be connected at all.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like and along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Trending News

Follow Us