Nov 15, 2017Industry insights,
IoT toys with security issues
As we start to head towards the festive season, and with Black Friday and Cyber Monday literally days away, it’s worth vetting your gifts more thoroughly. The UK consumer rights group ‘Which?’ has published an article, warning consumers of the dangers of giving children connected toys this Christmas.
The Internet of Things is already a haven for creating network vulnerabilities, as we have documented in our previous article ‘How safe is the Internet of Things?’, as the security measures in place are either not robust enough, or aren’t followed correctly. However, this particular risk hones in on the toys that many children will be hoping for this year. It follows a 12 month investigation that researched the security measures on several popular Bluetooth or Wi-Fi toys, most of which are currently on sale with major retailers. The research has sought to highlight some concerning vulnerabilities with these devices, although the findings covered four of the toys: The Furby Connect, I-Que Intelligent Robot, Toy-fi Teddy’ and CloudPets soft toy.
Although these toys pose varying level of risk, just how easy it is to infiltrate the device, connect to it via pairing and then use the device to talk directly to the child is overwhelmingly concerning. You might think that a hacker would need to be fairly technical to be able to connect to such a device, however with Bluetooth ranges generally effective to around 10 meters, it could pose a significant risk if there was any malicious intent nearby. In addition, there are methods of increasing this range, which adds an extra layer of concern.
As with all IoT devices, make sure you follow the correct configuration and set up process. This should include creating a secure password, and applying the same level of caution and supervision with these toys as you would if you provided your child with a smartphone. If this is not practical, maybe the latest connectable isn’t going to be on Santa’s delivery list this year.