Hackers can “easily” access toys with Bluetooth or Wi-Fi connections and talk to children, a new study has found.
Research undertaken by Which? and the German consumer group Stiftung Warentest has revealed that a number of branded toys have security flaws, making it easy for “almost anyone” to hack into them.
The study found that four out of seven of the tested toys could be used to communicate with the children playing with them, The Guardian reports. The flaws were found in popular toys such as Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
Article continues belowThe Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Accessing the toy’s voice control would not need much technical know-how. The Bluetooth connection on all the tested toys “had not been secured”, according to the paper, “meaning the researcher did not need a password, pin or any other authentication to gain access.”
In response to the study, toymaker Hasbro said: “children’s privacy is a top priority and that is why we carefully designed the Furby Connect and the Furby Connect World app to comply with children’s privacy laws.”
The company said it was “confident” in the design of its toys and its ability to deliver a “secure play experience”.
But Professor Alan Woodward, a cyber-security expert from the University of Surrey, told BBC News that taking toys with security flaws off shop shelves was a “no brainer”.
“Sadly, there have been many examples in the past two to three years of connected toys that have security flaws that put children at risk”, he said.
Which? shares Professor Woodward’s views and is calling for all connected toys with proven security or privacy issues to be “taken off sale.”