Which? calls for security-unaware IoT toys to be yanked from shelves

Share

Which? found that there was no sort authentication process between the toys and the Bluetooth-enabled devices they connect with, Despite the fact at least two of the manufacturers said they took security very seriously, lack of authentication means that anyone within range could take control of the toy and access any data stored there. The flaws were found in popular toys such as Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.

Which? found someone could hack CloudPets via its unsecured Bluetooth connection and make it play their own voice messages.

While a Bluetooth connection only works within 12 metres or so, there are ways to access them from a greater distance.

The Bluetooth connection on all the tested toys "had not been secured", according to the paper, "meaning the researcher did not need a password, pin or any other authentication to gain access".

Karni Sena activists vandalise theatre in Rajasthan
Workers of the right-wing organisation stormed into Aakash Mall in Kota where the cinema hall was located, and vandalised it. But the makers of Padmavati said that they can do that only after it is granted a certificate by the censor board.

The warnings come after United Kingdom consumer watchdog Which? urged major retailers to withdraw a number of "connected" toys that are expected to be popular at Christmas, after finding security failures that could put a child's safety at risk.

Connected toys keep getting released, and at this time of year there's a good chance that a lot of them will end up getting purchased.

"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution".

Vivid Imaginations, which distributes the robot on behalf of manufacturer Genesis, downplayed fears over its security, adding that its toys fully comply with the Toy Safety Directive and European standards. "If that can't be guaranteed, then the products should not be sold". But, tech experts said it wouldn't be impossible for hackers to extend Bluetooth range.

IndiGo flight hits wild boar at Visakhapatnam airport, passengers safe
The incident occurred at around 10 p.m. on Sunday when the wild boar ran into the flight path, hitting a rear wheel. The flight 6E-742 got late by three hours, It was scheduled to arrive at 11:15 pm but it landed at 2:15 am.

Which? is now putting its foot down and is calling for all connected toys with proven security or privacy issues to be taken off sale, citing the example of the German "Cayla" doll being yanked from shelves after it was revealed that it records children's conversations and uploads them to the cloud. The company insisted it would be hard to hack the toy.

It added that manipulating the toy would require close proximity and "a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?".

A spokesperson for Hasbro, which makes the Furby Connect, said that children's privacy was a "top priority" and that they were created to comply with children's privacy laws.

IT Pro has asked for comment from Spiral Toys, which makes the Toy-fi Teddy, and CloudPets, but the companies have yet to issue a comment on Which?'s report.

Star Hero's 1.3 Crore Children's Day Gift To Son
The jeep is in cherry red colour and instantly grabs the eyeballs. He bought the SRT and had a brief chat with the media.

Share