Toys Turned Into Paedophile Spycams

It’s the Christmas season and gifts are on every child’s mind.  Here are some things you need to know about the tech gifts your kids may want from DailyMail.com

“Hackers will be able to seize control of six top-selling Christmas toys – tapping into video streams, microphones and even collecting phone numbers and personal details.

Experts at Top10VPN UK said it was ‘shockingly simple’ to take control of any toy with an unsecured Wi-fi of Bluetooth connection, to access its data and tap into its camera or microphone.

They found that a children’s smart tracking watch had fundamental security flaws that would allow a hacker to pose as a parent and send fake messages or SMS alerts.

They were able to hijack a remote-control car and tap into the feed from its built-in video camera. And they found they could browse through recordings made by a drone and infect it with malware.

The toys tested were the Q50 Smart Tracking Watch, Mass Effect: Andromeda NOMAD ND1 RC Car, Sky Viper v2400 HD Streaming Drone, AirHogs FPV High Speed Race Car, Cognitoys Dino and the Star Wars BB-8 Droid.

This device has fundamental security flaws that put children in danger. With no authentication and encryption, it's simple for a hacker to impersonate a child's parents or loved ones by sending fake messages or SMS alerts to the watch

This device has fundamental security flaws that put children in danger. With no authentication and encryption, it’s simple for a hacker to impersonate a child’s parents or loved ones by sending fake messages or SMS alerts to the watch

Hackers can intercept the video stream from the built-in camera completely undetected, as all data sent from the toy to its companion app is unencrypted

Hackers can intercept the video stream from the built-in camera completely undetected, as all data sent from the toy to its companion app is unencrypted

While the hacker can't take control of the drone, they could infect the toy with malware, rendering it inoperable, or worse

While the hacker can’t take control of the drone, they could infect the toy with malware, rendering it inoperable, or worse

All Wi-fi and Bluetooth enabled toys are vulnerable to attack and there’s no way of preventing according to the researchers.

Hackers are able to tap into the devices, because the toys each have their own hotspots, without any form of security or privacy settings.

Where phones, laptops and tablets have options to set passwords for the user to secure their device, the toys don’t – leaving them vulnerable to anyone who wants to log in.

JP Jones at Top10VPN told MailOnline: ‘Imagine you have a child in a block of flats, you can see neighbours’ Wi-fis but cannot connect as they are usually secured.

‘Nosy neighbours can connect to these toys and will be able to access a lot of sensitive information.’

While the manufacturers aren’t breaking any rules by not having a privacy and security settings on the toys, the researchers believe they should more responsible.

Simon Migliano, head of research at Top10VPN.com, added: ‘It’s roughly tens of thousands of pounds to create the security features, but that is not much for these companies.

‘We have passed on our research to all the manufacturers and have only received acknowledgments from two.

‘Regulations need to keep up with the pace of technology. But customers should also be taking responsibility and parents need to educate themselves on what they are buying for their children.’

The research underlines why children’s smartwatches were recently banned outright in Germany and certain models pulled from UK shelves.

Even without the companion app, the more determined hacker could record the streaming video as it is not encrypted

Even without the companion app, the more determined hacker could record the streaming video as it is not encrypted

It found that kids’ smartwatches with GPS tracking, currently flooding Amazon, are vulnerable to stalking by strangers who could potentially send messages impersonating trusted friends and relatives.

The discoveries come in the wake of serious warnings about smart toys from the FBI and the Information Commissioner’s Office, the UK’s independent privacy watchdog. The Top10VPN.com findings also build on a recent consumer report revealing the vulnerability of Bluetooth-enabled toys.

This study goes further to demonstrate an even more serious problem given the greater capabilities of Wi-Fi devices compared to more limited Bluetooth functionality.

Independent security researcher Sarah Jamie Lewis, commissioned by the comparison website Top10VPN.com said the team compromised all six of the toys they tested.

While this device does require a person to physically press a button to make any recordings, cyber criminals can easily steal them once created 

While this device does require a person to physically press a button to make any recordings, cyber criminals can easily steal them once created

It's technically possible an attacker and would-be thief could use its sensors to map a room

It’s technically possible an attacker and would-be thief could use its sensors to map a room

They were able to intercept cameras and microphones, retrieve private pictures and video, access the location of a device and ‘spoof’ – deliberately alter – information such as child location to a parental monitoring app.

Sarah Jamie Lewis said: ‘It was shockingly simple to take full control of these toys and intercept video feeds from onboard cameras within minutes.

‘This opens up a number of frightening scenarios where anyone, even a stranger driving around in a car, can discover these vulnerable Wi-Fi enabled toys, and can hack into these devices with the intent of violating a child’s privacy or worse.’

Mr Migliano added: ‘These shocking findings must serve as a wake-up call to the toys industry and regulators to prevent children from being put at risk.

‘Until there is a security standard that must be met by all connected toy manufacturers, we would urge parents to think very carefully about buying any smart products for their children.

‘It’s easy to get caught up in the fun of toys that have increasingly sophisticated functionality built in, but given what we’ve managed to do with the six toys we tested, as a parent myself, I certainly would not expose my children to this kind of danger.’ “

Read more: http://www.dailymail.co.uk/news/article-5179201/Hackers-able-seize-control-childrens-Christmas-toys.html#ixzz51LAwghv

2017-12-15T10:41:13+00:00December 15th, 2017|

One Comment

  1. January 11, 2018 at 2:53 am - Reply

    Has anyone heard anything about LG Gizmo Pal 2? Can they be hacked? A very scary thought, indeed.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.