Smart Toys: A Security Hazard?

As the holiday season approaches, parents will breathe a sigh of relief when they get to give their child the toy they really wanted. This year, there is a strong likelihood that this could be what is known as a ‘smart toy’, a new breed of toy offering Bluetooth and Wi-Fi connectivity. Why do they need this? Well, this allows the toys to speak with tablets, phones and apps, bringing their features into the 21st century and making them more fun.

However, there has been cause for concern over their safety. Recent studies have suggested that there are numerous security flaws with Bluetooth and Wi-Fi enabled toys which could allow hackers to break into the device. As they are designed for children and for easy use, connecting to one of these toys does not often require a pin, password or any form of authentication. And so, with these toys allowing for connection with numerous devices from up to 30 meters away, any stranger within the radius could freely link to the device without having to get through any barriers.

As many smart toys interact with children as part of their design, it has been suggested that these flaws could allow strangers to directly communicate with a child. If you’re at all concerned or notice anything untoward with your child’s toy, we advise you to contact the manufacturer and ask about how the toy’s settings can be changed. The manufacturer will be able to advise of any additional security precautions you could take.

If you are thinking of buying a connected toy you should:

  • Check what information the toy sends and receives
  • Question whether you need a toy that connects to the Internet
  • Buy a toy that has a security feature (such as a PIN or password) that can be changed
  • Monitor how your child interacts with it
  • Check reviews to see if there are any existing safety concerns
  • Check to see if the manufacturer has issued any guidance following your purchase (and make a note to check back throughout the year to see if any vulnerabilities have been found)

Do you have a question you’d like us to answer? Get in touch in the comments below or tweet us @JustAskGemalto.