Complete strangers may be able to message or directly talk to your kids thanks to security flaws in some popular toys, experts warn.
Consumer groups are calling on retailers to take these “connected” or “intelligent” toys, which could put children’s safety at risk, off the shelves immediately.
“That person would need hardly any technical know-how to ‘hack’ your child’s toy,” they caution in the report.
Security failures turned up in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy, and CloudPets. Specifically, the Bluetooth connection was not secured in any of these toys, so researchers did not need a password, pin, or any other authentication to gain access to them.
However, since the range of Bluetooth is typically limited to about 32 feet, the main concern would be individuals with malicious intent in the child’s immediate vicinity.
As toy makers outdo one another in the race to pack ever more tech-enhanced features into their toys, including Wi-Fi and Bluetooth connectivity, regulators are trying to keep up to reduce the risk of exploitation.
Hasbro, maker of Furby Connect, one of the toys identified in the Which? report, says the company takes children’s security very seriously, but that it is highly unlikely that their toy would actually be manipulated.
“These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities—including speech recognition and GPS options,” the agency wrote in the advisory, cautioning that certain toys could be hacked to record video and audio of children without their parents’ knowledge.
The FBI suggests that adults research any Wi-Fi or Bluetooth-enabled toys before giving them to a child; and that if they do have them, to take proper measures to secure them.
This could mean using pins or passcodes when pairing devices and encryption for any data that is transmitted. It also suggests that parents research if data collected from these toys is being stored by a third party, and to update the toys’ software and/or firmware with security patches as they become available.