Smart toys can be an appealing gift idea, but be careful: the Bluetooth connectivity in some products can make them easy to hack, according to a consumer watchdog.
On Tuesday, the UK-based group known as Which? claimed that four different smart toys can be hijacked by a stranger to talk to a child: the Furby Connect, the i-Que Intelligent Robot, the Toy-Fi Teddy, and CloudPets.
All four products pair with a smartphone over a Bluetooth connection to relay data. The problem is that the Bluetooth connection is completely open, meaning anyone in range can access the four toys simply by using their smartphone, according to the consumer watchdog.
"In all cases, it was found to be far too easy for someone to use the toy to talk to a child," it claimed.
The hacks have a limitation: a stranger would have to be within Bluetooth range, or about 32 feet, of the toys. Nevertheless, Which? is urging the toy makers to secure their products.
"You wouldn't let a young child play with a smartphone unsupervised and our investigation shows parents need to apply the same level of caution if considering giving a child a connected toy," said Alex Neill, the organization's managing director of home products and services.
Hasbro, the maker behind the Furby Connect, is taking the reported issue "very seriously," but noted that the hack requires the attacker to be both close to the toy and possess the technical knowledge to re-engineer the product's firmware.
- FBI: Your Kid's Internet-Connected Toys Might Be Spying on Them FBI: Your Kid's Internet-Connected Toys Might Be Spying on Them
"We feel confident in the way we have designed both the toy and the app to deliver a secure play experience," a Hasbro spokeswoman said in an email. The toy maker hired a third party to do security testing on the Furby Connect product and it complies with local privacy laws, Hasbro said.
The UK distributor behind i-Que also said there's been no reports of anyone maliciously abusing the toy's Bluetooth connectivity, Which? said.
Still, even the FBI has warned consumers to be aware of the security and privacy risks associated with connected toys. The agency encourages consumers to research connected toys before buying and has published a list of recommendations on how parents can keep their children safe around such products.