Researchers from the British consumer protection organization Which? found vulnerabilities in smart toys with Bluetooth or Wi-Fi connection support, allowing attackers to talk with the child.
As the study showed, four of the seven toys tested can be used to communicate with children playing with them. Vulnerabilities were found in toys Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
The problem is that the toys support an unprotected Bluetooth connection that does not require a password or any other form of authentication. A potential attacker would not have had the trouble to hack the device and begin messaging with the child.
In particular, Furby Connect can be connected to any device with Bluetooth support in the range of 10 to 30 meters. In the case of the i-Que robot, you can download the corresponding application, find the i-Que in the Bluetooth radar and use the robot's voice to communicate with the child by entering text into the text box. The toy is made by Genesis, also producing the My Friend Cayla doll, recently banned in Germany for security reasons.
Soft toys CloudPets, allowing you to send children messages that are played on the built-in speaker, can be hacked through an unprotected Bluetooth connection.
Toys Toy-Fi Teddy, which have the function of sending and receiving messages recorded via the application on a smartphone or tablet messages, also found security problems. As the researchers found, when connected via Bluetooth, these toys do not have any authentication, allowing attackers to send voice messages to the child and receive answers.
According to representatives of toy companies, the circumstances in which the researchers Which? conducted experiments, are "ideal", and in real life this development is extremely unlikely.
Recall that earlier the Norwegian Consumer Protection Council tested some models of children's "smart" watches from various manufacturers, including Gator and GPS for Kids and found in them a number of vulnerabilities that allow you to easily crack the gadget.