Merry Christmas -The Internet of Insecure Toys

Are the toys you are buying for your kids hackable?Can anyone listen in or have a conversation with your kids via an Internet connected toy?  Sorry, but the answer is “yes.”

We have been writing for a while about the grievous lack of security on Internet-connected “smart” appliances, web cameras, baby monitors, door locks, thermostats, personal assistants, Wi-Fi, Cable, and DSL routers, and other devices.  This lack of security extends to children’s toys as well.

Due to the lack of security and privacy standards for children’s toys, and the usual rush to market by toy manufacturers who are motivated more by profit and any concern over security, a recent study uncovered a number of Internet -connected toys with serious security issues.  These include:

  • Kid’s conversations being collected by the device and store in the cloud.
  • The absence of encryption on the data stored by these devices.
  • Bluetooth and Wi-Fi flaws that would allow an outsider to connect to certain toys.

Toys included in this report as insecure included:

  • Furby Connect
  • i-Que Intellegent Robot
  • Toy-Fi Teddy
  • CloudPets

Some toy makers are being sued by the United States for  violating COPPA (the Childrens’ Online Privacy Protection Act of 1998) for failing to disclose to parents’ that their kids conversations and personal data collected by the toys are being stored on servers and sold to third-party marketing companies.  You may want to give a second thought to purchasing that cool new connected toy for Christmas.  How a bout a nice collection of Legos instead?

More information


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.