Smart toys have big security flaws, consumer report finds – CNET

Some of the coolest gifts on the shelves this year have security flaws that leave them vulnerable to hacking and could put children at risk.

Consumer safety group Which? researched connected toys for 12 months, and found vulnerabilities in the Furby Connect, I-Que Intelligent Robot, CloudPets and Toy-fi Teddy. It found that these toys use unsecured Bluetooth connections and it would be “too easy” for someone to use them to talk to a child.

“That person would need hardly any technical know-how to ‘hack’ your child’s toy,” the report warned.


The My Friend Cayla doll turned out not to be so friendly, according to a complaint filed with the FTC.

Gensis Toys

Which? noted that Bluetooth range is usually limited to about 10 metres, so the main concern would be people nearby with malicious intent. However, it wouldn’t be impossible to extend Bluetooth range.   

As more toys add Wi-Fi and Bluetooth connections to pack in new skills and features, regulators have kept a wary eye on them for security vulnerabilities. Earlier this year, German regulators removed the My Friend Cayla smart doll from the market after classifying it as an “espionage device.” And CloudPets was criticised for leaving account information and voice recordings exposed online.

CNET reached out to Spiral Toys (which makes CloudPets and Toy-fi Teddy), Furby-maker Hasbro and Genesis Toys, which makes the I-Que Robot. They did not immediately respond to a request for comment.

You can see the results of the study in the video from Which?, below:

Playtime is Over: Can smart toys ever be safe?

The Smartest Stuff: Innovators are thinking up new ways to make you — and the world around you — smarter.

Leave a Reply

Your email address will not be published. Required fields are marked *