Which? calls on next government to halt unsecure smart toys

Which? has exposed serious security flaws with popular children’s smart toys and is calling for the next government to introduce mandatory security standards to prevent unsecure products being available for sale.

In collaboration with security specialist NCC Group, the consumer champion conducted a snapshot test of connected toys sold by major retailers - including Amazon, Argos, John Lewis and Smyths - and found they are lacking in basic security which leaves them vulnerable to being hacked and could even enable a stranger to talk to a child.

The Department for Digital, Culture, Media and Sport established a new voluntary code in October 2018 to improve the security of connected technology products, but most manufacturers have failed to sign up - only three have done so publicly.

Which? looked at seven popular devices and found that with three of them, a stranger could exploit flaws in the design to communicate with a child.

A security flaw in the £30 Vtech KidiGear Walkie Talkies could allow someone to start a two-way conversation with a child from a distance of up to 200 meters.

It also found security flaws in theKaraoke microphone sold online by relatively unknown brand Xpassion/Tenva which could allow people within 10 meters to send recorded messages to a child, because the Bluetooth has no authentication such as a PIN.

The tests also revealed Boxer Robot, Mattel Bloxels and Sphero Mini all had security issues which leave them open to hacking. Users are not required to create strong passwords for their online accounts, meaning their personal data could be at risk if the account is compromised, or if the company running the online service suffered a data breach.

Two of the seven products Which? looked at - Bloxels and Sphero Mini - also had no filter to prevent explicit language or offensive images being uploaded to their online platforms.

Which? is therefore calling on the next government to introduce a mandatory requirement for connected devices to be appropriately secured before they reach the point of sale in the UK.

Natalie Hitchins, Which? head of home products and services, said: “While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority.

“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”

Related Articles