The Scotsman

Security fears cause retailers to withdraw ‘connected’ toy from sale

- By JANE BRADLEY

Amazon is among a group of retailers who have pulled a popular “connected” toy from sale, amid fears that it may pose a cyber-security risk.

Concerns were raised about Cloudpets last year when it emerged that voice recordings made by owners of the product were being stored online without protection.

The manufactur­er, Spiral Toys, claimed it had taken “swift action”, but subsequent research by Mozilla found that vulnerabil­ities remained.

Mozilla shared the findings with digital rights group the Electronic Frontier Founda- tion, which wrote a letter to US retailers selling the items.

“What Cloudpets demonstrat­es is the potential privacy risks that even a toy with limited connectivi­ty can pose,” it said.

Amazon appears to have removed the toys from sale on its US website, alongside other American retailers, including Target and Walmart, while UK brands Tesco and The Entertaine­r also used to stock Cloudpets toys, but both appear to have stopped doing so. However, Amazon’s UK site was still selling the toys last night.

In November, an investigat­ion by consumer organisati­on Which? found that the Blutooth connection on some “connected” toys, including Cloudpets, had not been secured, meaning that hackers could change messages without needing a pin or password.

Alex Neill, Which? managing director of home products and services, said: “Our research over the last year has demonstrat­ed concerning vulnerabil­ities in several smart toys, including Cloudpets.”

He added: “When you give a toy to a child you expect it to be safe and secure as a minimum. If that can’t be guaranteed, then the products should not be sold. Retailers should not be selling unsafe and unsecure connected toys.”

Newspapers in English

Newspapers from United Kingdom