Slashdot Mirror


Investigation Finds Security Flaws In 'Connected' Toys (theguardian.com)

An anonymous reader quotes a report from The Guardian: A consumer group is urging major retailers to withdraw a number of "connected" or "intelligent" toys likely to be popular at Christmas, after finding security failures that it warns could put children's safety at risk. Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child. The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets. With each of these toys, the Bluetooth connection had not been secured, meaning the researcher did not need a password, pin or any other authentication to gain access. Little technical knowhow was needed to hack into the toys to start sharing messages with a child.


  1. Re:Nintendo DS by tlhIngan · Score: 3, Interesting

    The same scare tactics appeared when the Nintendo DS with Pictochat was released. "Stalkers" could chat with your child! But what is the wireless range of the devices? 30ft or so? So basically already within visual and verbal range to begin with. But now it's exactly the same thing "BUT WITH A COMPUTER" (wait, isn't this the new Slashdot meme for patents, to just take normal everyday activities and items, slap "with a computer" on it, and patent it all over again..?)

    Except two things.

    1) Pictochat only works if you're in the application. Once you exit, you can no longer send nor receive. And on the Nintendo DS, that's trivially easy to do by doing something else on the DS.

    2) Bluetooth has a range of 30' to 100'.

    If these toys are disregarding basic Bluetooth security, then it's possible for someone to simply establish a Bluetooth connection and potentially listen in, too. Being able to connect to one of these devices and use it as a spy gadget is useful.

    At least Pictochat is controllable - it only works when it's running. But these toys, if you can commandeer them to listen in 24/7, are far more dangerous.