In recent years, we’ve seen advancements in technology hurtle forward at an incredible pace, and children’s electronic toys can sometimes be at the forefront of such developments. Many kids don’t want plain teddy bears and dolls any more; they want intelligent robots that can interact with them.
Consumer watchdog, Which?, joined up with a similar German organisation, Stiftung Warentat, and together they made the chilling discovery that a lot of popular kids electronic toys can apparently be hacked. Enlisting the help of third-party security experts, they tested seven different toys and four of them were vulnerable to hacking.
The following four failed the test:
- CloudPet cuddly toys
- Furby connect
- I-Que intelligent robot
- Toy-fi Teddy
Adults can connect some of the above toys to their phones to control them remotely and communicate with a child. These toys reportedly have unsecured Bluetooth connections which means that third parties can access the connection without a password or a PIN. Okay, hackers may need to be in fairly close proximity to tap into the Bluetooth connection, but it still allows nearby neighbours – especially in tightly packed apartments – the opportunity to hack a nearby toy with ease.
The experts managed to hack into the Furby using a laptop and uploaded their own audio file, which the Furby then played out. This means that hackers nearby could talk to children through their Furby toy.
The risk to children is horrifying as they are vulnerable and often easy to manipulate. Hackers could in theory instruct a child to do anything they want.
A similar situation reportedly played out with the I-Que Intelligent Robot. The experts simply downloaded the I-Que app, searched for a nearby device, and connected to it. From there, the experts could type anything they wanted into the text field and the robot would read it out loud.
The same Bluetooth vulnerability allowed the experts to make audio messages for the CloudPets toys and the Toy-go Teddy. Which? recommends that children do not play with these toys on their own.
Wowee Chip, a robot dog, apparently also has the same vulnerability, but experts were unable to use it to speak through it. Generally, Bluetooth connection only works within a 12 metre radius, but there are ways to extend the connection.
Back in September 2015, Smart Toy Bear was discovered to be hackable. Hackers could get into the toy’s connected app and steal the child’s name, birth date, gender and other information. After manufacturer Fisher-Price found out about the vulnerability, they quickly patched it up. One of the researchers who discovered the breach, Rod Beardsley, warned that hackers could target the family and trick them into providing more information by phishing. He also noted that parents often use children’s names as their passwords.