Popular toys on top of many kids Christmas list could let a stranger to communicate with your child a report by UK consumer advice organization Which? has found.
The organization bought seven smart toys and had them tested by the NCC Group—a specialist security lab. Some of the toys were aimed at children as young as three years old, but contained “various concerning issues that could potentially put children at risk.”
The security test focused on issues specific to the use of the toys by children themselves. It also looked into the confidentiality and integrity of any personal data captured by the toys.
“Across all seven toys, we found 20 noteworthy issues,” the NCC Group said in a blog post. The lack of secure authentication like a PIN or password for Bluetooth connectivity was a top concern. Two of karaoke toys let anyone within a range of about 10 meters to connect anonymously and stream audio to the toy. The child could not talk back, but the thought of someone being able to send messages to a child this way is creepy in the extreme. “Imagine a scenario where someone connects to the toy and streams instructional or manipulative messages to a child,” the NCC Group report states, “such as asking them to go out to the front garden, as a precursor to an abduction attempt.”
Which? has a smart toy safety checklist for parents that details the things to be aware of before filling your kid’s stocking with a connected toy. The US Federal Trade Commission (FTC) has also published advice for consumers regarding the questions that should be asked before buying internet-connected toys.
Failing that you could just gift your kids toys with no connectivity. Apparently such toys still exist. Kids can have lots of creative fun with them and these toys don’t collect data on your child, let alone provide a communication stream to potentially dangerous strangers.
For more details of toys tested and responses from the manufactures check out the Which? report.