Serious security flaws found in children’s smart toys
An investigation of seven connected technology toys sold by major retailers has revealed serious security flaws with three of them. This means a stranger could potentially exploit flaws in the design to communicate with children.
The £30 Vtech KidiGear Walkie Talkies could allow someone to start a two-way conversation with a child from a distance of up to 200 metres.
Campaign group Which? and NCC Group also found that the Karaoke microphone and Singing Machine SMK250PP both could allow people within 10 metres to send recorded messages to a child as the Bluetooth has no authentication such as a PIN.
The artificial intelligence Boxer Robot, Mattel Bloxels, a board game and educational web portal, coding game Sphero Mini and the Singing Machine were all found to have security issues leaving them subject to hacking.
Which? said users aren’t required to create strong passwords for online accounts meaning personal data could be at risk if the account is compromised or if the company behind the online service suffered a data breach.
Bloxels and Sphero Mini also had no filter to prevent explicit language or offensive images being uploaded to their online platforms. Any child using the public portal or app on these products could then see or hear this content.
In October 2018, the Department for Digital, Culture, Media and Sport (DCMS) set out a new voluntary code to improve the security of connected technology products, but just three manufacturers have signed up.
Which? is now calling for it to be mandatory for manufacturers to ensure their products meet security standards before hitting the shelves. It wants to see basic security as a first step, including the requirement of a password, data to have encryption and consistent security updates.
Natalie Hitchins, Which? head of home products and services, said: “While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority.
“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”