Retailers warned connected with toys

Thinkstock

Consumer watchdog Which? he called on retailers to stop selling some popular toys are said to have “proven” security problems.

Those toys include Furby, Connect the i-Que robot, Cloudpets and Toy-fi Teddy.

That? she discovered that there was no authentication required between the toys and devices that can connect via Bluetooth.

Two of the producers has said that he has taken security very seriously.Sloppy security

The lack of authentication meant that, in theory, any device within the physical range could connect to the toy and take control, or the sending of messages, the watchdog said.

“Connected toys are becoming more and more popular, but our investigation shows, anyone considering buying one should apply a level of attention,” said Alex Neill, the managing director of home products and services?

“The safety and security should be the top priority with any toy. If that cannot be guaranteed, then the products must not be sold.”

Hasbro, which makes the Furby Connection, said in a statement that it believed the results of the tests carried out for That? had been achieved in very specific conditions.

“A huge amount of engineering would be required to reverse-engineer the product and create a new firmware,” he said.

“We are confident in the way we have designed both the toy and the app to provide a secure and safe gaming experience.”

I-Que maker Vivid Imaginations has said that there had been “no reports of these products to be used in a malicious way,” but added that it would review, Which?’s recommendations.

Spiral Toys, that makes Cloudpets and Toy Fi, not comment.

Other toys from That? including the Wowee Chip, Mattel’s Hello Barbie, Fisher Price Smart Toy Bear – but these have not been found to have serious security issues.

Cyber-security expert Prof Alan Woodward, from Surrey University, has told the BBC it was a “no brainer” that toys with issues of security should not be for sale.

“Unfortunately, there have been many examples over the last two-three years of connected toys that have security flaws that put children at risk,” he said.

“If this is sloppiness on the part of the manufacturer, or their rush to build a product at a certain price, the consequences are the same.

“For the production of these toys is bad enough, but to then keep them as a retailer to know that they are potentially putting children at risk is completely unacceptable.”