By allowing ads to appear on this site, you support the local businesses who, in turn, support great journalism.
Company says these holiday toys put you at risk for security hacks
95d3bfbae9682f218d7d48087b5d2c22763cad0a97f9a377d08def292e6e303f
According to BBC, the company Which? has asked retailers to stop selling popular toys with security issues. - photo by Herb Scribner
A consumer watchdog company has called several internet-connected toys into question just ahead of the holiday shopping season.

According to BBC, the U.K.-based company Which? has asked retailers to stop selling popular toys with security issues, including the Furby Connect, i-Que Robot, CloudPets and Toy-fi Teddy, all of which can connect to the internet or Bluetooth.

The toys dont require any authentication when customers connect the toys to Bluetooth, which creates security issues, Which? said. Specifically, a separate party or hack could connect to the toys, gaining the ability to send messages or take control of the toy.

For example, the company said someone could, in theory, connect to the Furby Connects Bluetooth and then connect to any other tech device within range of the toy that has Bluetooth capabilities, according to The Guardian.

"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution," said Alex Neill, managing director of home products and services at Which?, according to BBC. "Safety and security should be the absolute priority with any toy. If that can't be guaranteed, then the products should not be sold."

Hasbro, who creates the Furby Connect, said in a statement to The Guardian that the security concerns Which? created from specific conditions that would require "a tremendous amount of engineering to reverse-engineer the product as well as to create new firmware."

Vivid Imagination, who creates the i-Que toy, said it hasnt seen any reports of the toy being manipulated.

The British Toy and Hobby Association said in a statement that it will monitor these toys to ensure that theyre safe.

We are aware of the Which? report, but understand the circumstances in which these investigations have taken place rely on a perfect set of circumstances and manipulation of the toys and the software that make the outcome highly unlikely in reality," the association said.

Security concerns over smart toys are increasing. CloudPets drew criticism back in February for its security oversight, according to The Huffington Post.

The companys toys allow for people to store and replay voice messages and send them over the internet. Customer information like the login and password information, along with those voice recordings was stored in an easily accessible location, The Huffington Post reported.

Online security expert Troy Hunt told The HuffPost that he discovered peoples kids names, birthdays and relationship with the person they sent messages to.

One customer tweeted out how hackers could even send messages through the toys, too.

The FBI warned parents back in July about the potential issues with connected toys, saying that smart toys often use cameras, sensors and microphones, which could all create security issues.

"These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed," the FBI said, according to NBC News.

Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News that parents "should further make sure that the device firmware is updated, their own PCs are properly protected, and the Wi-Fi is secure," he said. "And use strong passwords."
Sign up for the Herald's free e-newsletter