UK Consumer Group Warns About Security Flaws Found in Several “Smart” Toys

Last updated June 29, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

With the holiday season just around the corner, consumers who are planning to buy "smart toys" for children should take security into consideration. As the UK Consumers' Association warns, the majority of the companies that manufacture these products do not consider anything related to security, so these toys are ridden with risky flaws. While security flaws may seem non-relevant in the context of a toy, they could really put the children in danger.

The investigation that was carried out by the UK Consumers’ Association focuses on seven smart toys sold by Amazon, Argos, John Lewis, and Smyths. Three out of the seven products were found to be vulnerable, but this is just a sample, so it doesn’t mean that the market only has three insecure smart toys. The investigation randomly looked deeper into these seven toys in order to make a point about the presence of security flaws.

The first case is that of "KidiGear Walkie Talkies" by Vtech. The product allows anyone from a distance of up to 200 meters to start a two-way conversation with the user/child. Vtech has placed some pairing security steps in the process, but bypassing them is possible. The second case concerns the "Karaoke Microphone" sold by Xpassion/Tenva, and the third case is about the "Singing Machine SMK250PP" smart toy. Both of these products can receive recorded messages from other people who stand up to 10 meters afar, without requiring a PIN or any other authentication for the connection.

The consumer protection group also warns about the privacy risks that children run when using the online platforms of these products. Children are requested to submit personal data to use the Singing Machine, the AI-powered "Boxer Robot", the "Mattel Bloxels" board game, and even the Sphero Mini coding toy. The children are not required to use strong passwords to register themselves on these platforms, so they could experience their first PII leaks and fall victims to scammers later on.

Until the toy-making industry takes security and data protection measures more seriously, the parents should act responsibly and pick toys very carefully. Also, the governments should formulate an official guideline on what the security and privacy assurance measures are, and then review and evaluate these products. Leaving children vulnerable to hackers and persons with malicious intent should be out of the question already.

Do you pay any attention to the security and privacy protection side of the products that your children use? Share your opinion in the comments section down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: