Talking toys are nothing new. But seeing as preset phrases just don't cut it anymore, new personalized talking toys have hit the market. But in letting connected toys be customized and connected in this way, some of these inventions have inadvertently opened up the possibility that, by using smart toys, strangers could possibly talk to your kids. And a swath of toys are subject to hacking, a new investigation has found.
Tests by Which? and the German consumer group Stiftung Warentest, as well as other security research experts, "found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child," The Guardian reported. Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy, and CloudPets were all easily connected to, without any password or substantial security protection.
Romper has reached out to the respective companies as well as Amazon for comment and is awaiting a response. Hasbro, maker of the Furby Connect, told Romper in a statement: "Children’s privacy is a top priority, and that is why we carefully designed the Furby Connect and the Furby Connect World app to comply with children’s privacy laws. We feel confident in the way we have designed both the toy and the app to deliver a secure play experience.” Meanwhile, Vivid Imagination, maker of the I-Que, told the BBC that it will review the research in question, but that is has "no reports of these products being used in a malicious way."
The investigation found that all of the toys were able to be invaded in different ways, but the main similarity is that no passwords, codes, or authentications were required. The Furby Connect, researchers found, could be connected to a device using Bluetooth with a proximity of 10 to 30 meters (roughly 33 and 98 feet). The i-Que Intelligent Robot has an app component to it that anyone can download. Any phone holder could therefore, as researchers pointed out, control the robot's voice with customized, typed messages.
Another toy, CloudPets, allows an exchanging of messages that are read through a speaker, but seeing as it has an unsecured Bluetooth connection, the component was hackable and easily latched onto. And lastly, Which? discovered issues in the Toy-Fi Teddy, which is intended to permit the sending of recorded messages on Bluetooth using an app. But, in order to hop onto the Bluetooth connection, no authentications were needed, so anyone on the network could communicate back and forth with a child, as Gizmodo noted.
Hear that? It's the sound parents everywhere throwing anything Bluetooth-enabled out the window.
So does this mean that parents should ditch all connected toys and opt for safe, connection-free teddy bears instead? It might be a smart call, Alex Neill suggested, the managing director of home products and services at Which?, noting that there are lots of adjustments needed. “Connected toys are becoming increasingly popular," Neill told The Guardian, "but as our investigation shows, anyone considering buying one should apply a level of caution ... Safety and security should be the absolute priority with any toy. If that can’t be guaranteed, then the products should not be sold." And no doubt, parents likely agree.
"Whether it is sloppiness on the part of the manufacturer, or their rush to build a product down to a certain price, the consequences are the same," Cyber-security expert and Professor Alan Woodward from Surrey University told the BBC, noting that he believes the toys should no longer be on sale.
Suffice it to stay: if you're looking to get your child a connected toy this holiday season, it might be smart to hold off for a bit until the technology (and the necessary security measures) catches up. Sure, those pre-recorded phrases might drive you crazy with their repetition, but the alternative probably isn't worth the risk.
Check out Romper's new video series, Romper's Doula Diaries:
Watch full episodes of Romper's Doula Diaries on Facebook Watch.