Security flaws discovered in a number of children’s smart toys


10 Dec 2019143 Views

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: © Rawpixel.com/Stock.adobe.com

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A UK consumer group wants the next government to make it mandatory for manufacturers to ensure smart products meet appropriate security standards.

Security flaws have been found in a number of smart toys, leaving children at risk of being contacted by strangers, according to UK consumer association Which?

The consumer group is urging the next UK government to make it mandatory for manufacturers to ensure smart products meet appropriate security standards before they are able to go on sale.

In its latest investigation of seven smart toys ahead of Christmas – sold by major retailers including Amazon, Argos, John Lewis and Smyths – it said that three were vulnerable to being hacked.

The consumers’ association claimed that a security flaw in Vtech’s £30 KidiGear Walkie Talkies could allow a person to start a two-way conversation with a child from a distance of up to 200 metres.

In response to this claim, Vtech said that the attacker would need to initiate pairing within 30 seconds of a child switching on their device in order to connect to the device.

Weak Bluetooth security was also uncovered in children’s karaoke products, Karaoke Microphone – sold online by relatively unknown brand Xpassion/Tenva – and Singing Machine SMK250PP by Singing Machine, meaning a person could send recorded messages within 10 metres without protections such as a PIN. Singing Machine responded saying it follows “best practices” and “testing standards”.

Online platforms

The group also warned that personal data of those who own the Singing Machine, as well as other toys including an AI-powered Boxer Robot, the board game Mattel Bloxels or coding game Sphero Mini, is at risk, after finding that users are not required to create strong passwords for their online accounts.

Meanwhile, Bloxels and Sphero Mini had no filter protections to prevent explicit language or offensive images being uploaded to their online platforms, Which? said.

The consumer group wants basic measures such as requiring a unique password before use, data encryption and consistent security updates to be taken seriously by the industry.

“While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority,” explained Natalie Hitchins, Which? head of home products and services.

“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”

– PA Media