A consumer watchdog company has called several internet-connected toys into question just ahead of the holiday shopping season.
According to BBC, the U.K.-based company Which? has asked retailers to stop selling popular toys with security issues, including the Furby Connect, i-Que Robot, CloudPets and Toy-fi Teddy, all of which can connect to the internet or Bluetooth.
The toys don’t require any authentication when customers connect the toys to Bluetooth, which creates security issues, Which? said. Specifically, a separate party or hack could connect to the toys, gaining the ability to send messages or take control of the toy.
For example, the company said someone could, in theory, connect to the Furby Connect’s Bluetooth and then connect to any other tech device within range of the toy that has Bluetooth capabilities, according to The Guardian.
“Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution,” said Alex Neill, managing director of home products and services at Which?, according to BBC. “Safety and security should be the absolute priority with any toy. If that can’t be guaranteed, then the products should not be sold.”
Hasbro, who creates the Furby Connect, said in a statement to The Guardian that the security concerns Which? created from specific conditions that would require “a tremendous amount of engineering to reverse-engineer the product as well as to create new firmware.”
Vivid Imagination, who creates the i-Que toy, said it hasn’t seen any reports of the toy being manipulated.
The British Toy and Hobby Association said in a statement that it will monitor these toys to ensure that they’re safe.
“We are aware of the Which? report, but understand the circumstances in which these investigations have taken place rely on a perfect set of circumstances and manipulation of the toys and the software that make the outcome highly unlikely in reality,” the association said.
Security concerns over smart toys are increasing. CloudPets drew criticism back in February for its “security oversight,” according to The Huffington Post.
The company’s toys allow for people to store and replay voice messages and send them over the internet. Customer information — like the login and password information, along with those voice recordings — was stored in an easily accessible location, The Huffington Post reported.
Online security expert Troy Hunt told The HuffPost that he discovered people’s kids’ names, birthdays …read more
Source:: Deseret News – U.S. & World News