Which? calls on next government to halt unsecure smart toys

Which? has exposed serious security flaws with popular children’s smart toys and is calling for the next government to introduce mandatory security standards to prevent unsecure products being available for sale.

In collaboration with security specialist NCC Group, the consumer champion conducted a snapshot test of connected toys sold by major retailers - including Amazon, Argos, John Lewis and Smyths - and found they are lacking in basic security which leaves them vulnerable to being hacked and could even enable a stranger to talk to a child.

The Department for Digital, Culture, Media and Sport established a new voluntary code in October 2018 to improve the security of connected technology products, but most manufacturers have failed to sign up - only three have done so publicly.

Which? looked at seven popular devices and found that with three of them, a stranger could exploit flaws in the design to communicate with a child.

A security flaw in the £30 Vtech KidiGear Walkie Talkies could allow someone to start a two-way conversation with a child from a distance of up to 200 meters.

It also found security flaws in theKaraoke microphone sold online by relatively unknown brand Xpassion/Tenva which could allow people within 10 meters to send recorded messages to a child, because the Bluetooth has no authentication such as a PIN.

The tests also revealed Boxer Robot, Mattel Bloxels and Sphero Mini all had security issues which leave them open to hacking. Users are not required to create strong passwords for their online accounts, meaning their personal data could be at risk if the account is compromised, or if the company running the online service suffered a data breach.

Two of the seven products Which? looked at - Bloxels and Sphero Mini - also had no filter to prevent explicit language or offensive images being uploaded to their online platforms.

Which? is therefore calling on the next government to introduce a mandatory requirement for connected devices to be appropriately secured before they reach the point of sale in the UK.

Natalie Hitchins, Which? head of home products and services, said: “While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority.

“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.