Hackers ‘could talk to children’ through toys’
● Bluetooth connectivity security ‘not tight enough’
Hackers could communicate with children through popular “connected” toys such as the Furby, Toy-fi teddy and Cloud Pets cuddly toy, a consumer organisation has warned.
Which? found that the toys’ Bluetooth connection had not been secured, meaning that during the tests, hackers found they did not need a password, PIN code or other authentication to get access to change messages spoken by the toy – or receive information from the child playing with it.
The watchdog has now called for retailers to stop selling toys with proven security issues.
Investigators found that someone could use a toy to communicate with a child in four out of the seven devices tested, with the Furby, I-que Intelligent Robot, Toy-fi Teddy,
0 Connected toys such as the Furby could present a risk to children, Which? has warned and Cloudpets cuddly toy all failing the tests.
Alex Neill, Which? managing director of home products and services, said: “Connected toys are becoming increasingly popular, but as our investi- gation shows, anyone considering buying one should apply a level of caution.”
The investigation found that security experts were able to upload and play a custom audio file on the Furby, while the I-que Intelligent Robot discovered that anyone can download the app, find an i-que within Bluetooth range and start chatting using the robot’s voice by typing into a text field. The robot is made by Genesis Toys, the same manufacturer as the Cayla doll which was recently banned in Germany due to security and hacking concerns.
Which? found that Cloudpets, which comes as a stuffed animal and enables friends to send messages to a child, played back on a built-in speaker, could be hacked via its unsecured Bluetooth connection to allow someone to make it play their own voice messages.
Meanwhile, Toy-fi Teddy, which allows a child to send and receive personal recorded messages over Bluetooth via a smartphone or tablet app, lacks any authentication protections, meaning Which? hackers could send their voice messages to a child and receive answers back.
Hasbro, the maker of Furby Connect, said it took the investigation “very seriously”.
Vivid Imaginations, which distributes the i-que, said: “Within these reports it raises the issues of the security of the user which we take very seriously. Whilst some of these reports highlight potential vulnerability in the products, there have been no reports of these products being used in a malicious way.”
Spiral Toys, the maker of Cloud Pets & Toy Fi, refused to comment.