Connected Toys Expose Smart Homes: Report

Dec 11, 2019 10:00 am Cyber Security 304

Connected Toys Expose Smart Homes: Report

Security experts have warned of several flaws in connected toys which could allow hackers to talk to the children using them or even launch attacks against the smart home.





British consumer advice group Which? enlisted the help of pen testing firm NCC Group to run the rule over seven smart toys from major retailers Amazon, Smyths, Argos and John Lewis.





Several, including the Singing Machine SMK250PP and TENVA’s pink karaoke microphone, don’t require session-based authentication for their Bluetooth connection. This could allow hackers to anonymously pair with and stream audio into them — potentially offensive or even “manipulative" messages exhorting the child using the device to go outside, NCC Group claimed.



A similar issue existed in KidiGear walkie talkies from Vtech.





“A pair of walkie talkies investigated as part of this security assessment allowed for children to communicate with each other, within a range of up to 150 meters. There was no mutual authentication between the pairs of walkie talkie devices,” NCC Group continued.





“This means that if an attacker purchased the same set of toys and was in range of an unpaired, powered-on walkie talkie, they would be able to successfully pair with it and engage in a two-way conversation with the child user under certain conditions.”





However, the chances of this happening are pretty slim, according to Vtech.





“The pairing of KidiGear Walkie Talkies cannot be initiated by a single device. Both devices have to start pairing at the same time within a short 30 second w ..

Support the originator by clicking the read the rest link below.

connected expose smart homes report
Read The Rest from the original source
infosecurity-magazine.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!