Smart Toys Ain’t Child’s Play Coz It Leaks Data |

Smart Toys Ain’t Child’s Play Coz It Leaks Data

A recent research suggests that connected toys could be a security nightmare that could compromise data to inappropriate sources outside of one’s network


A quick search on Google for connected toys brings up a big fat list of internet-enabled playthings that children above six months “should have” (at least that’s what the ads say) because in the modern digital and virtual world, reality hardly matters. These toys have built-in Bluetooth, Wi-Fi and everything other capability that allows seamless communication.

The cheapest of these toys cost Rs.111 on Amazon and the costliest is well just plain obscene. As with anything that is seamlessly connected, these toys also seem to carry their own security threats, if one were to go by a recent report published by Which? a 52-year old UK-based company that does research on consumer products.

The report says that the company had tested some smart toys in 2017 and again in 2018 and found that the connectivity in smart toys isn’t secure. Our concern is that this could easily get into the hands of the wrong people, who could use the same method to ‘speak’ to children from outside the home, says the report published on their website.

The report also shares a video (watch it here) on how some of these toys could be vulnerable and could be used by anyone to talk to the child through their toys. The company said in a note published after tests in 2017 that their test of four toys revealed that in each case someone to talk to the child by hacking into the Bluetooth connection of the toy.

“Each time, the Bluetooth connection had not been secured, meaning that person didn’t need a password, Pin code or any other authentication to get access. That person would need hardly any technical know-how to ‘hack’ your child’s toy. Bluetooth has a range limit, usually 10 metres, so the immediate concern would be someone with malicious intentions nearby. However, there are methods for extending Bluetooth range, and it’s possible someone could set up a mobile system in a vehicle to trawl the streets hunting for unsecured toys.”

Industry experts warn that smart toys aren’t always secure and consumers, instead of being captivated by the device functionality, shouldn’t forget that they could potentially leave the home network vulnerable and privacy compromised.

“Children’s toys are often neglected with regards to the security conversation – it’s almost instinctual to assume they’re secure, or at least protected with careful attention since they’re for children. However, assumptions such as these are where we find security gaps. We bring smart devices into our homes, unknowingly also welcoming the potential for attackers to prey on these security vulnerabilities,” says Boris Cipot, Senior Security Engineer at Synopsys Software Integrity Group.

On its part, Which? points out that the European Commission and other bodies were investigating whether such toys violate EU’s tough GDPR laws on data protection. “However, we're not just concerned about insecure connected toys. Previous investigations have exposed flaws in a whole range of gadgets, from coffee machines to cameras, and routers to robot vacuum cleaners.”

In fact, Boris Cipot says the issue isn’t child’s play. When devices including children’s toys, home security cameras, baby monitors, smart locks — and the list goes on and on — lack authentication, authorisation and other minimum-security requirements, there’s potential for attackers to strike. That could mean anything from spying on the goings-on within your home to data theft to a physical burglary,” he says in an emailed response to

The problem persists in the absence of any security standards for toy manufacturers, or even device manufacturers at a wider level. Given that smart devices are becoming increasingly integral to daily life, governments and device manufacturers need to work in unison to define some standards to which the smart devices must adhere to so that they’re safe from a security point of view.

Boris Cipot says that it would be a good idea to be aware of the challenges that these issues have on keeping one’s home secure from hackers and ensure that these are part of the aspects that one goes through before making a purchasing decision.

Because, “understanding that consumers value security as a feature is motivation for manufacturers to build security into their next generation of smart devices,” he says in conclusion.

TAGS: Smart Toys, Security, Hacking, Research