Which? calls for security-unaware IoT toys to be yanked from shelves

Share

Which? found that there was no sort authentication process between the toys and the Bluetooth-enabled devices they connect with, Despite the fact at least two of the manufacturers said they took security very seriously, lack of authentication means that anyone within range could take control of the toy and access any data stored there. The flaws were found in popular toys such as Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.

Which? found someone could hack CloudPets via its unsecured Bluetooth connection and make it play their own voice messages.

While a Bluetooth connection only works within 12 metres or so, there are ways to access them from a greater distance.

The Bluetooth connection on all the tested toys "had not been secured", according to the paper, "meaning the researcher did not need a password, pin or any other authentication to gain access".

Abe, Li to work toward early summit with South Korea's Moon
The tensions triggered by North Korea's missile tests were not mentioned during the opening statements of Duterte and Moon. The two countries agreed to normalize their ties in a joint statement issued by their foreign ministries on October 31.

The warnings come after United Kingdom consumer watchdog Which? urged major retailers to withdraw a number of "connected" toys that are expected to be popular at Christmas, after finding security failures that could put a child's safety at risk.

Connected toys keep getting released, and at this time of year there's a good chance that a lot of them will end up getting purchased.

"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution".

Vivid Imaginations, which distributes the robot on behalf of manufacturer Genesis, downplayed fears over its security, adding that its toys fully comply with the Toy Safety Directive and European standards. "If that can't be guaranteed, then the products should not be sold". But, tech experts said it wouldn't be impossible for hackers to extend Bluetooth range.

Should You Hold The TJX Companies, Inc. (NYSE:TJX)
Guggenheim reaffirmed a "buy" rating and set a $85.00 target price on shares of The TJX Cos.in a report on Friday, September 30th. The rating was maintained by Cowen & Co on Thursday, September 28 with "Buy". (NYSE:TJX) received a Buy rating from 6 analysts.

Which? is now putting its foot down and is calling for all connected toys with proven security or privacy issues to be taken off sale, citing the example of the German "Cayla" doll being yanked from shelves after it was revealed that it records children's conversations and uploads them to the cloud. The company insisted it would be hard to hack the toy.

It added that manipulating the toy would require close proximity and "a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?".

A spokesperson for Hasbro, which makes the Furby Connect, said that children's privacy was a "top priority" and that they were created to comply with children's privacy laws.

IT Pro has asked for comment from Spiral Toys, which makes the Toy-fi Teddy, and CloudPets, but the companies have yet to issue a comment on Which?'s report.

Switzerland and Croatia qualify for 2018 FIFA World Cup
After taking the first leg in Northern Ireland 1-0, Switzerland was able to control the pace of play in the second leg, which ended scoreless.

Share