3 More Hackable Toys NOT to Buy Your Kids This Holiday Season

3 More Hackable Toys NOT to Buy Your Kids This Holiday Season

The clock is ticking on gift-buying this holiday season, but that’s no excuse not to do some research before you buy connected toys.

  • By Jessica Davis
  • Dec 06, 2017

The clock is ticking on gift-buying this holiday season, but that’s no excuse not to do some research before you buy connected toys. The wave of new WiFi and Bluetooth-enabled gadgets for kids means more possibilities that a toy with looser security standards could be hacked, leaving you and your child vulnerable.

We previously covered three hackable toys as investigated by Mashable. Since then, groups like Which?, a U.K.-based consumer products safety testing firm, and the U.S. Public Interest Research Group have issued their own lists of unsafe toys for 2017. Here are three of their worst offenders:

My Friend Cayla

Cayla is a smart, interactive doll that can chat with children. Her Bluetooth capability works with her app and blocks pre-loaded “bad” words and subjects, but some consumers are concerned that she may violate the Children’s Online Privacy Protection Act. Cayla was classified by the German Federal Network as an “illegal espionage apparatus” and was banned in the country after concerns that access to the doll was unsecured and she could be used to “illegally spy” on children. It’s possible to connect to Cayla even without her app installed because smartphones identify her as a hands-free headset.

Furby Connect

The latest update to Furby connects to the Furby Connect World App to provide more physical and digital ways to interact. It also has LCD-screen animated eyes and can say more than 1,000 phrases. Unfortunately, researchers found that anyone within range of its Bluetooth can connect to the toy when it’s switched on without physically interacting with it due to a lack of security features when pairing with the device. You can also connect to the Furby with a laptop, and some researchers were able to upload and play a custom audio file through the toy, which means anyone with the know-how could upload inappropriate material to play for a child.

I-Que Intelligent Robot

i-Que is an interactive robot who can talk, tell jokes and quiz children. It uses Bluetooth to pair with its app, but smartphones can identify it as a hands-free headset without even installing the app. Anyone within Bluetooth range of the toy can pair with it and use a text field in the app to make the toy say whatever they want in the robot’s own voice. Which? demonstrates a worst-case scenario of someone taking advantage of this vulnerability in the video below.

In a consumer notice about internet-connected toys released in July, the FBI suggested parents take the following steps before purchasing a “smart” toy:

  1. Research any known security issues with the toy.
  2. Only connect smart toys to trusted and secured Wi-Fi.
  3. Look into the toy’s internet and device connection security measures.
  4. Use authentication when pairing the device with Bluetooth, such as a pin or password.
  5. Stay up to date with any manufacturer security update or patches.
  6. Investigate where the user data is stored, with the company, a third party source or both.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

  • Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

    Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense. Read Now

  • Teaching AI New Tricks

    You have probably heard that AI-enabled security cameras are evolving the role of traditional surveillance cameras, shifting the focus from passive monitoring to active problem-solving and operational insights. AI technology changes fast, so what is new can be considered only news in just a few months. Read Now

  • From the Most Visible to the Less Apparent

    The Cybersecurity and Infrastructure Security Agency (CISA) states “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, and national public health or safety or any combination thereof.” Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.