Avatar photo

Freelance journalist

Author Bio ▼

Experienced freelance B2B journalist and editor, specialising in fields of renewable energy, energy storage, smart grids and nanotech.
November 22, 2017

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

CONNECTED TOYS FEARS

Germany bans kids’ smart watches over privacy concerns

Germany’s telecommunications regulator has announced a ban on the sale of children’s smartwatches over concerns that these devices can transmit audio from their surroundings.

Jochen Homann, president of the Federal Network Agency, said: “Via an app, parents can use such children’s watches to listen unnoticed to the child’s environment and they are to be regarded as an unauthorised transmitting system.”

Children’s gadgets and toys, featuring communications technology or Internet of Things (IoT) capability are vulnerable to hacking. In 2015, toy firm VTech was hacked, exposing some 6.4 million customers’ data as well as children’s photos and chat logs.

Germany’s smartwatch ban, announced in November, follows a Norwegian Consumer Council report that found some brands of smartwatches aimed at children transmitted data without encryption, opening these devices up to breaches.

“Dangerously insecure”

“There is a shocking lack of regulation of the ‘internet of things’, which allows lax manufacturers to sell us dangerously insecure smart products,” security expert Ken Munro told the BBC.

Earlier in November the UK consumer group Which? urged big retailers to withdraw certain makes of internet-connected or ‘smart’ toys ahead of Christmas, after finding security failures that potentially put children’s safety at risk.

Tests carried out by Which?, with the German consumer group Stiftung Warentest, and other security research experts, identified more than half of the tested toys could be used to communicate with the children playing with them, through breaches in Bluetooth and WiFi connectivity.

Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.

In each, the Bluetooth connection had not been secured, so the researcher was able to gain access without a password or other form of authentication.

When switched on, the Furby Connect – on sale at Argos, Amazon, Smyths and Toys R Us – could be connected with any device within a Bluetooth range of 10 to 30 metres.

“Anyone considering buying  a connected toy should apply a level of caution.” Alex Neill, managing director of home products and services, Which?.

With the i-Que Intelligent Robot, available from Argos and Hamleys, it was established that anyone can download the app, find an i-Que within their Bluetooth range and make the robot ‘speak’ by typing into a text field. i-Que is made by Genesis. The company’s My Friend Cayla doll was recently banned in Germany owing to security and hacking concerns. Both toys are distributed in the UK by Vivid.

“Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution,” said Alex Neill, managing director of home products and services at Which?.

Back in March 2017 this site covered the vulnerability to hackers that some of today’s toys and kids’ gadgets present, following the hacking of the CloudPets database containing two million personal voice messages, recorded via an app and replayed through a ‘smart’ teddy bear when parents are away from their children.

Applying basic security measures, such as a password, would not have cost any additional investment by the database’s developer.

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: