Which? calls for security-unaware IoT toys to be yanked from shelves

Connected toys have 'worrying' security issues

Hacking fears over cuddly toys with Bluetooth

Which?, a United Kingdom -based consumer products safety testing firm, found security holes in four out of seven Wi-Fi- and Bluetooth-enabled toys it tested-CloudPets, the i-Que Intelligent Robot, the Furby Connect, and Toy-Fi Teddy.

Consumer group Which? said an investigation found "worrying security failures" with the I-Que Intelligent Robot, Furby Connect, Toy-fi Teddy, and CloudPets (pictured) cuddly toy.

For example, the company said someone could, in theory, connect to the Furby Connect's Bluetooth and then connect to any other tech device within range of the toy that has Bluetooth capabilities, according to The Guardian.

Which? also tested Wowee Chip, Mattel Hello Barbie, and Fisher Price's Smart Toy Bear but couldn't find evidence that these toys had any security issues.

Vivid Imaginations, which distributes the i-Que robot toy, told Which? it will "actively pursue this matter" with the manufacturer after "communicating the issues" raised in the published reports.

"While there is no denying the huge benefits these devices can bring to our daily lives, safety and security should be the absolute priority".

These unsecure connections meant that researchers didn't need a password or a PIN to access the device and that very little technical know-how was needed to take control of the voice module.

The toys rely on Bluetooth connections to enable some of their features, including using a toy's voice to replay anything typed into a text box, but these were found to have been misconfigured and as a outcome could be easily hacked.

Connected toys have 'worrying' security issues
Children's toys that connect to wifi and Bluetooth could pose serious threat, claims expert

Similarly, Furby Connect, which is sold by Argos, Amazon, Toys R Us and Smyths, uses no security features while pairing with other Bluetooth devices, including laptops, thereby allowing anyone within its range to remotely communicate with a child.

Working with security researchers the group has spent the past 12 months investigating several popular Bluetooth or wi-fi toys that are on sale at major retailers, and says it found "concerning vulnerabilities" in several devices that could "enable anyone to effectively talk to a child through their toy".

However, Which? found the Bluetooth lacks any authentication protections, meaning hackers could send their voice messages to a child and receive answers back.

Hasbro, which makes the Furby Connect, said: "Children's privacy is a top priority, and that is why we carefully designed the Furby Connect and the Furby Connect World app to comply with children's privacy laws". The company insisted it would be hard to hack the toy.

Hasbro said manipulating the toy as Which? had done would require "a number of very specific conditions that would all need to be satisfied", but added that it took the report "very seriously".

"A tremendous amount of engineering would be required to reverse engineer the product as well as to create new firmware".

Toy-fi Teddy allows a child to send and receive personal recorded messages over Bluetooth via a smartphone or tablet app.

Unveiled! First ever hijab-wearing Barbie designed after Olympian Ibtihaj Muhammad
Muhammad worked with Mattel every step of the way in the design process to make sure that the doll resembled her. The doll, which will be available for purchase next year, was announced at Glamour's Women of the Year Summit.

Latest News