Investigation Shows Children’s Connected Toys ‘Easily Hacked’

A new investigation has revealed a number of issues with certain children’s connected toys, with vulnerabilities that make them “easy enough for almost anyone” to hack.

The investigation, conducted by U.K. consumer association Which? along with security research experts and other consumer organizations, has pointed out easily exploitable flaws in a number of popular toys which connect using Bluetooth or Wi-Fi.

Furby Connect, I-Que Intelligent Robot, Toy-fi Teddy, and CloudPets talking toys were all found to have major issues that would allow malicious users to send audio messages from the toys to their young users.

Bluetooth Makes It Easy

Unsecured connections are the root of the problem, as the apps used for these toys require no step for secure Bluetooth pairing. Therefore, anyone nearby could download the app and connect to these toys using Bluetooth on their devices.

A few of the companies commented on the results of the investigation, and while they said they would look into the issues, it’s unclear if they’ll take any action.

It’s been noted that someone would have to be in Bluetooth range to access these toys, but as the report notes, there are ways to extend Bluetooth range. Also, typical Bluetooth range is around 33 feet, which in many cases would still be long enough for someone outside to hack a toy in a nearby home, as one example. The report notes that a CloudPets toy was accessed from the street in one test.

Buyer Beware

The issue is serious enough to Which? that the organization has called for all connected toys with “proven security or privacy issues” to be removed from the market.

This warning follows a recent article about the security vulnerabilities found in some children’s smartwatches — flaws which could allow hackers to eavesdrop on conversations and communicate with children, among other issues.

If you’re looking to buy any sort of connected toy or smart device for a child this holiday season, be sure to do your research first — and don’t be afraid to question if it’s really necessary for some of these gadgets to be connected at all.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is Editor of Security Baron. An award-winning journalist, Dzikiy was formerly the Editor-in-Chief of iLounge.com, and his writing has appeared on TheWirecutter.com, among other outlets. He lives in New York City.

Related News

Leave a Comment

Trending News

Follow Us

Reviews