Strangers 'can use smart toys to message children'

Pile of christmas presents

Pile of christmas presents

It says an investigation found no password and little technical knowledge was needed to hijack loudspeakers built into the toys.

A consumer group is urging major retailers to withdraw a number of "connected" or "intelligent" toys likely to be popular at Christmas, after finding security failures that it warns could put children's safety at risk.

Which? said it had now written to retailers asking them to stop selling toys "with proven security issues".

Connected toys keep getting released, and at this time of year there's a good chance that a lot of them will end up getting purchased. The lack of authentication means that, in theory, any device within physical range could link to the toy and take control or send messages, the watchdog said.

"In each of the toys, the Bluetooth connection had not been secured, meaning during the tests the hacker didn't need a password, PIN code or any other authentication to get access", the report read.

The tests were carried out in association with Which?'s German counterpart, Stiftung Warentest, and security researchers.

Tests revealed that four out of seven of some of the most popular IoT toys could be hacked in a way that let strangers manipulate built-in voice modules to communicate with a child.

The toys rely on Bluetooth connections to enable some of their features, including using a toy's voice to replay anything typed into a text box, but these were found to have been misconfigured and as a outcome could be easily hacked. It does not use any security features when pairing.

Jordan connects 12.9MW PV project in refugee camp
One of UNHCR's priorities globally is to bring renewable energy to refugees and their host communities. The construction of the solar plant saw the participation of many refugees from the camp.

The connection could be made via a smartphone or laptop, opening up opportunities to control the toy.

Which? security experts were able to upload and play a custom audio file on to the Furby, which is available from Argos, Amazon, Smyths and Toys R Us.

Consumer group Which? said an investigation found "worrying security failures" with the I-Que Intelligent Robot, Furby Connect, Toy-fi Teddy, and CloudPets cuddly toy.

The investigation also found that anyone could download the app for the i-Que Intelligent Robot, find one of the toys within Bluetooth range and start chatting using the robot's voice by typing into a text field.

'We feel confident in the way we have designed both the toy and the app to deliver a secure play experience'.

However, Which? found the Bluetooth lacks any authentication protections, meaning hackers could send their voice messages to a child and receive answers back.

Vivid Imagination, who produce the I-Que robot, said that they would review Which?'s claims, but insisted that they had never received reports of the toys "being used in a malicious way".

IT Pro has asked for comment from Spiral Toys, which makes the Toy-fi Teddy, and CloudPets, but the companies have yet to issue a comment on Which?'s report.

Noticias recomendadas

  • Los Cavaliers sacan la victoria en Nueva York

    Los Cavaliers sacan la victoria en Nueva York

    Pero los "Cavs" embocaron nueve triples en el último parcial, luego de atinar apenas siete en los primeros tres. George Hill lideró a Sacramento con 16 puntos, mientras que Zach Randolph y Buddy Hield añadieron 12 cada uno.
    Zlatan celebrates Sweden's qualification for 2018 World Cup

    Zlatan celebrates Sweden's qualification for 2018 World Cup

    We can think of one person who is most definitely revelling in all this feverish Zlatan chatter, and his name begins with a "Z". But after making good progress during his recovery, he's re-signed a new contract with the club.
    The Gaslamp Killer Files Defamation Suit Against Rape Accusers

    The Gaslamp Killer Files Defamation Suit Against Rape Accusers

    The Gaslamp Killer , real name William Bensussen , is suing a woman who last month accused him of raping both her and a friend. In an ensuing proclamation, Bensussen denied assault, saying that he and the two ladies had consensually had intercourse.
  • Lidl Now UK's Fastest Growing Supermarket For Fifth Consecutive Period

    Lidl Now UK's Fastest Growing Supermarket For Fifth Consecutive Period

    Sales at Iceland increased by 1.1 per cent, with share falling slightly to 2.0 per cent - down from 2.1 per cent past year . Discounter Lidl was Britain's fastest growing supermarket for the fifth straight period with sales up 15.1%.
    The President Of The Philippines Sang A Love Song For Donald Trump

    The President Of The Philippines Sang A Love Song For Donald Trump

    His government says the police act in self defence but critics say executions are taking place with no accountability. Duterte has been embroiled in controversies ever since he took the Philippines' presidential seat in June a year ago .
    Edgardo Bauza no va más como técnico de Arabia Saudita

    Edgardo Bauza no va más como técnico de Arabia Saudita

    Cabe destacar que el conjunto asiático venía de perder el último viernes otro amistoso por 3-0 con Portugal. Uno de los candidatos que suena fuerte es el de su compatriota Ramón Díaz.
  • DeepHeart AI IDs sleep apnea, hypertension via Apple Watch

    DeepHeart AI IDs sleep apnea, hypertension via Apple Watch

    Thenm you'd guide them through the appropriate final diagnosis, which would be through a blood pressure cuff and then treatment." The University of California surveyed a total of 6115 participants with an Apple Watch that used the Cardiogram app.
    Tiemoue Bakayoko: France's midfield options 'aren't better than me'

    Tiemoue Bakayoko: France's midfield options 'aren't better than me'

    Bakayoko is right to feel aggrieved, but questioning your manager's decision making is not the right way to go about it. This claim has surprised many a Chelsea fans and neutrals as well.
    Qatari emir: Boycotting Arab nations don't want to negotiate

    Qatari emir: Boycotting Arab nations don't want to negotiate

    Morocco and Qatar vowed to enhance bilateral cooperation, while hailing the "excellent relations" between the two countries. The two heads of state also discussed regional and global topics of shared interest, it added, without disclosing details.
  • Russian FM says Iran can legitimately stay in Syria

    Russian FM says Iran can legitimately stay in Syria

    The statement came as officials from the US National Security Council flew into Israel for talks with security heads , primarily over the US-Russia agreement regarding Syria and Iran's growing threat to the region.
    How long you've got left now to spend your old £10 notes

    How long you've got left now to spend your old £10 notes

    Old notes can still be spent before this cut-off date and exchanged at the Bank once this point has passed. You have until March to spend your old £10 notes before they stop being accepted as legal tender.

    Israel tiene las manos libres para ataques a Siria — Netanyahu

    El primer ministro de Israel, Benjamin Netanyahu, dijo hoy que informó a Estados Unidos y a Rusia que Israel seguirá realizando operaciones militares en Siria.

Nos complace brindar esta oportunidad para compartir información, experiencias y observaciones sobre lo que está en las noticias.
Algunos de los comentarios se pueden reimprimir en otras partes del sitio o en el periódico.
Gracias por tomarse el tiempo para ofrecer sus pensamientos.