Hackable Smart toys – If you are considering buying an internet-connected smart toy this Christmas, make sure you do your homework first.

As the world of connected toys expands, we advise that consideration should be given to the hidden and serious security risks you might be handing over with the presents or possible hackable smart toys including:

  • If the toy has a camera or microphone, what control do owners have over how this operates and where any data is stored?
  • Does the toy send emails, or does it connect to social media?
  • What control do adults have over the device’s management and security?
  • How easy is it to delete personal account data?
  • Does the vendor have a history of patching known security problems?

Many consumers assume that when smart products are launched that they have progressed through rigorous testing but historically evidence has shown that this is not the case. Many smart toys often include weak security leaving the devices vulnerable to hacking.

A particularly example involves the Vtech KidiGear Walkie Talkies. These devices were exploited through their Bluetooth connection with the NCC Group documenting the security weakness. This meant that anyone close-by could interact with children through the device.

So, how do buyers know whether the smart toy they have bought has poor security? Are these hackable smart toys?

We recommend that you complete some research before purchasing the item. Complete an online search on the model and manufacturer to identify any previous security problems. Also, pay attention to the privacy policy of the company, with particular emphasis on where data is stored and if there is any data shared with third party companies. Finally, when the item is purchased, spend some time configuring the smart toy before the big day.