JUNE Cyber Scam Newsletter
In this month's edition, we're raising awareness of Sextortion scams, fake TalkTalk refund scams, holiday fraud and a reminder of the recent WhatsApp hack.
A Which? investigation finds that four in seven of toys tested could be used to communicate with children playing with them.
'Which?' consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.
Tests carried out by the group, and others, found flaws in Bluetooth and Wi-Fi enabled toys that could enable a stranger to talk to a child.
The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them.
Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
With each of these, the Bluetooth connection had not been secured, meaning the researcher did not need a password, pin or any other authentication to gain access. Little technical knowhow was needed to hack into the toys to start sharing messages with a child.
Which? has written to retailers to urge them to stop selling connected toys that have proven security issues.
Children's Privacy A 'Top Priority' For Brands
Hasbro, which makes the Furby Connect, said: “Children’s privacy is a top priority, and that is why we carefully designed the Furby Connect and the Furby Connect World app to comply with children’s privacy laws. We feel confident in the way we have designed both the toy and the app to deliver a secure play experience.”
The British Toy and Hobby Association, of which Vivid and Hasbro are members, said: “The industry takes its responsibilities incredibly seriously when making products for children, with BTHA members investing heavily in everything from toy safety to data privacy and online security.
“We are aware of the Which? report, but understand the circumstances in which these investigations have taken place rely on a perfect set of circumstances and manipulation of the toys and the software that make the outcome highly unlikely in reality.”
More information on this story, and the exact vulnerabilities found in the toys mentioned, can be found here.