Vulnerability – Children’s Smart Toys

An investigation into children’s smart toys conducted by consumer association Which? has found worrying security vulnerabilities in some toys sold by major retailers.  Working with security specialists, NCC Group, they tested seven different smart toys sold by retailers such as Amazon, Argos and John Lewis, including karaoke machines, walkie-talkies and interactive toys.  They found issues that could potentially put children at risk such as open Bluetooth connections, and unsecure online platforms and user accounts.

Having carried out a similar report 2 years ago, Which? were concerned to find the the same issues again and are calling on the toy industry to tighten up the security of their products.  They have also published advice on what to consider when using and buying smart toys.  This includes researching the product carefully to find out exactly how a child interacts with it and to see if there have been any previous security concerns raised.  If the toy requires setting up an account, then only submit the minimum amount of personal information required and set strong passwords.  Supervise a child when they are playing with the toy, especially if it allows them to send and receive messages, and turn it off when it is not in use.

Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have security flaws