Connected toys can be hacked by ‘almost anyone’
Strangers could use popular toys such as Furby or CloudPets to speak to children
Research undertaken by Which? and the German consumer group Stiftung Warentest has revealed that a number of branded toys have security flaws, making it easy for “almost anyone” to hack into them.
The study found that four out of seven of the tested toys could be used to communicate with the children playing with them, The Guardian reports. The flaws were found in popular toys such as Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
Accessing the toy’s voice control would not need much technical know-how. The Bluetooth connection on all the tested toys “had not been secured”, according to the paper, “meaning the researcher did not need a password, pin or any other authentication to gain access.”
In response to the study, toymaker Hasbro said: “children’s privacy is a top priority and that is why we carefully designed the Furby Connect and the Furby Connect World app to comply with children’s privacy laws.”
The company said it was “confident” in the design of its toys and its ability to deliver a “secure play experience”.
But Professor Alan Woodward, a cyber-security expert from the University of Surrey, told BBC News that taking toys with security flaws off shop shelves was a “no brainer”.
“Sadly, there have been many examples in the past two to three years of connected toys that have security flaws that put children at risk”, he said.
Which? shares Professor Woodward’s views and is calling for all connected toys with proven security or privacy issues to be “taken off sale.”