All-Talking, All-Singing Threats

Walkie talkie toys and karaoke devices hit the headlines for all the wrong reasons in December 2019, as consumer group Which? highlighted potentially hackable vulnerabilities that could be used by strangers to interact with children.

As reported by a number of media outlets, Which? examined various walkie talkie and karaoke devices sold by well-known retailers such as Argos, John Lewis and Amazon. The firm discovered that three out of seven popular toys tested had flaws.

They included the KidiGear walkie talkie made by Vtech, which a stranger could potentially pair with another of the same toy from a distance of up to 200ft away, and the Singing Machine SMK250PP karaoke machine, to which a stranger could possibly stream audio from a distance of up to 10 meters away as the Bluetooth connection did not require authentication.

The findings by Which? are yet more evidence of the safety and security issues that continue to plague connected devices, and particularly highlight risks affecting connected toys used by children.

“The plethora of devices now capable of connecting to the internet or Bluetooth is expanding daily,” said Dr Kiri Addison, head of data science overwatch at Mimecast. “These devices often lack even the most basic security measures and are therefore extremely vulnerable to compromise and misuse. This story is concerning as it highlights the vulnerability of children’s toys which can be compromised to allow third parties to speak to your children.”

Dr Addison urged parents to take an active interest in the range of technology their children are using, as even toys can present an unwanted risk to their safety.

“There are obvious implications in terms of child protection, and current standards internationally are lagging behind in regulating the minimum level of security that should be considered mandatory in the case of any item, which could be considered Internet of Things devices. Children are uniquely vulnerable to influence or coercion via technology and this is something every parent should be conscious of as the sophistication of these often seemingly innocuous connectable devices increases.”

What’s Hot on Infosecurity Magazine?