Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha


gadgets banner2



EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

You have declined cookies. This decision can be reversed.

Six Christmas tech toys that can be hijacked by hackers right now

Written by  Dec 08, 2017

Independent security expert Sarah Jamie Lewis, also known for her work on dark web analysis and sex-tech tampering, tested six toys currently on the market.

These included the Q50 smart tracking watch, Mass Effect: Andromeda RC car, Sky Viper drone, AirHogs car, Cognitoys Dino and the Star Wars BB-8 droid.

"It was shockingly simple to take full control of these toys," Lewis said. "This opens up a number of frightening scenarios where anyone [...] can discover vulnerable Wi-Fi enabled toys, and can hack into these devices with the intent of violating a child's privacy or worse."

Upon analysis, the researcher said the Q50 Smart Tracking Watch was "fundamentally not secure" and that any child wearing the product is in danger of being hacked.

Bugs in the watch allow an attacker to "intercept all communications", remotely listen to a child's surroundings and fake a child's location, the paper, published Friday (9 December), revealed.

The product had no authentication and encryption, and research suggested that flaws could let hackers send messages to the watch. It had a default password of 123456, Lewis added.

With a new Star Wars movie on the horizon, the BB-8 droid will no doubt be a popular gift this year. Research found that, like most Bluetooth devices, it had "no authentication mechanism".

Lewis wrote that a lack of protection meant it was "fairly trivial" for a hypothetical attacker to gain control of the device's movement, and also to change its colour using built-in feature.

1and1.com | Hosting, Domains, Website Services & Servers

But luckily for users, there is little else a hacker could do to exploit the child-friendly BB-8 toy other than make it zip from a user's control and go rogue across the room.

The Mass Effect: Andromeda RC car, however, was at high risk of hacking – taking under 15 minutes to compromise. Thanks to no encryption, attackers could intercept live video streams using the built-in camera and even infect the toy with malware via dodgy software updates.

Christmas toys could spy on children, expert warnsPixabay

The Sky Viper drone left video streams at risk via WiFi networks. The Cognitoys Dino – an educational toy – left communications open to interception. And lastly, the AirHogs car's camera system could be used to snoop.

Manufacturers of the toys with high-risk security bugs were contacted by Top10VPN – the company which commissioned the study - before the report's publication.

But Top10VPN said that none responded.

"These shocking findings must serve as a wake-up call to the toys industry and regulators to prevent children from being put at risk," said Simon Migliano, head of research for Top10VPN.

"Until there is a security standard that must be met by all connected toy manufacturers, we would urge parents to think very carefully about buying any smart products for their children.

He added: "It's easy to get caught up in the fun of toys that have increasingly sophisticated functionality built in, but given what we've managed to do with the six toys we tested, as a parent myself, I certainly would not expose my children to this kind of danger."

SmartThings Monitor Your Home or Office while away at SmartHome.com Order here!

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.


startupUK Ad

  1. Popular
  2. Trending