Group Calls for IoT-Enabled Toys Ban

Just as the holiday shopping season is about to get underway, a U.K. consumer group is urging authorities to issue a ban on IoT-enabled toys with proven security flaws. The flaws allow the toys to be easily hacked, said the group, which could allow a stranger to communicate with a child.

Which?, a consumer rights group, worked with security researchers over the past year to investigate several popular IoT-connected toys that use Wi-Fi or Bluetooth. The toys are available at major retailers and the group says they contain significant security issues.

The group published its findings on four specific toys: CloudPets, ToyFi Teddy, Furby Connect and I-Que Intelligent Robot. CloudPets, in particular, raised eyebrows with security experts when it was discovered that the manufacturer was storing thousands of unencrypted recordings of kids using the toy in a publicly accessible database.  The company has since deleted that database.

The group said hacking the toys is just too easy, noting that it was a simple thing for someone to pair their device to the toys and talk to the child. They pointed out the toys’ Bluetooth connections are completely unsecured with no need for a password or any other credentials to gain access.

IoT-Enabled Toys Easy to hack

“A person would need hardly any technical know-how to ‘hack’ your child’s toy,” they said in their report, “Bluetooth has a range limit, usually 10 meters, so the immediate concern would be someone with malicious intentions nearby. However, there are methods for extending Bluetooth range, and it’s possible someone could set up a mobile system in a vehicle to trawl the streets hunting for unsecured toys.”

The company said these toys and any others with security vulnerabilities need to be yanked off the market.

Alex Neill, managing director of Home Products and Services at Which?, said: “Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution. “Safety and security should be the absolute priority with any toy. If that can’t be guaranteed, then the products should not be sold.”