Security flaws have been found in a number of smart toys, leaving children at risk of being contacted by strangers, Which? has warned.
The consumer group is urging the next government to make it mandatory for manufacturers to ensure smart products meet appropriate security standards before they are able to go on sale.
In its latest investigation of seven devices ahead of Christmas – sold by major retailers including Amazon, Argos, John Lewis and Smyths – three were vulnerable to being hacked.
Which? claims a security flaw in Vtech’s £30 KidiGear Walkie Talkies could allow a person to start a two-way conversation with a child from a distance of up to 200 metres.
The attacker would need to initiate pairing within 30 seconds of a child switching on their device in order to connect, the electronic learning toys maker responded.
Weak bluetooth security was uncovered in children’s karaoke products, Karaoke Microphone – sold online by relatively unknown brand Xpassion/Tenva – and Singing Machine SMK250PP by Singing Machine, meaning a person could send recorded messages within 10 meters without protections such as a PIN.
Singing Machine responded saying it follows “best practices” and “testing standards”.
Which? also warned that personal data of those who own the Singing Machine, as well as AI-powered Boxer Robot, board game Mattel Bloxels, or coding game Sphero Mini is at risk, after finding that users are not required to create strong passwords for their online accounts.
Meanwhile, Bloxels and Sphero Mini had no filter protections to prevent explicit language or offensive images being uploaded to their online platforms, Which? said.
The consumer group wants basic measures such as requiring a unique password before use, data encryption and consistent security updates, to be taken seriously by the industry.
“While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority,” explained Natalie Hitchins, Which? head of home products and services.
“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”
Mattel responded to the claims, saying: “The specific web platform referred in this report, which was produced by a third party, was closed and the physical product was discontinued after finishing its license agreement earlier this year in June.”