This is one of the happiest times of the year for many people, especially children. They already have their wish lists made up for Santa, and for many, they want one of the latest smart toys.
But as we have reported in the past, smart toys can carry many dangers. The Which? website knows that as well. They tested a few smart toys and kids’ karaoke machines that are available this year and found that the majority had questionable security with some of their features.
Smart Toy Testing
Which? did this same test two years ago and reported that not much has changed in the past two years. The smart toys still have the same security issues, and that’s disconcerting. They had security specialist lab NCC Group test the toys to find any potential issues so that you, the consumer, are aware before finishing your holiday shopping this year.
The following are the toys they tested and a quick roundup on their findings.
Karaoke Microphone/Singing Machine SMK250PP
Many karaoke machines come with Bluetooth now so that you can use an app with it or stream song content. Testing showed that neither of the machines tested required authentication to connect to the Bluetooth, meaning anyone can connect and send recorded messages to your child. They will not be able to send messages back, however.
Both of these karaoke machines are also vulnerable to “second-order attack,” meaning someone else could use the karaoke machine to exploit a separate voice-controlled device nearby, such as a smart speaker, or they could try to connect to another smart home product, such as a security camera or smart lock.
The company that makes the SMK250PP said that a user would need to manually enter Bluetooth pairing mode in order to add a new device. Yet, that’s not what Which? and NCC found in their testing.
Vtech KidiGear Walkie-Talkies
According to the testing, these walkie-talkies do use some encryption technology for protected communication. It is possible for someone else to contact your child through the walkie-talkies, but it’s a longshot at best. The stranger would need to have their own set of the same type of walkie talkies and happen to be pairing them at precisely the same time a child switches them on. Additionally, if there is already a conversation on the walkie talkies, no one else could connect.
Mattel FFB15 Bloxels Build-Your-Own Video Game
The most concerning thing about this toy that allows children to build their own games is the education web portal. Users of the toy can create, upload, and play games on a smartphone or tablet. There is no moderation of content in the games, so it’s possible games you wouldn’t want your children around could be available to them.
The consumer website doesn’t use a strong enough level of encryption, and accounts can be created with weak passwords. This means the accounts could be easily hacked. The education website does have better security measures, but really all websites concerning smart toys should have good encryption.
Sphero Mini Interactive Toy
This toy’s intention is to help kids learn to code. Like the karaoke machines, it uses unauthenticated Bluetooth, so anyone who controls the robot can’t do much, but just like the Boxel, inappropriate content could be posted to its online platform. Text can be read aloud, so there’s a risk of offensive language being heard.
Boxer Interactive Toy
This robot toy doesn’t pose much of a threat risk. However, you need to download an app to control lit, and that app doesn’t require login details or an account, which is extremely alarming. So while the toy may be safe, the accompanying app is not, and there are some account and password-security issues.
It’s All About the Internet
Only one toy tested had no problems: the Rizmo. But the reason it had no problems is that it does not have a network connection or mobile app, so it’s really not that “smart.” But this helps reinforce the idea that if it connects to the Internet in any way, there will always be at least a small risk, so you need to keep that in mind when purchasing smart toys.
Have your found smart toys that you believe carry a risk? Let us know below in the comments.
Get the best of IoT Tech Trends delivered right to your inbox!