Which? revealed it had found “serious security flaws” in some children’s smart toys.
Working with cyber security specialists, Which? raised concerns about some connected toys sold by major retailers, claiming that they lacked basic cyber security measures and were vulnerable to attack.
This investigation highlights the importance for manufacturers of internet connected devices to take every measure to ensure their products are safe to use.
Earlier this year the NCSC supported a DCMS consultation on regulatory proposals for consumer Internet of Things, which would create a minimum baseline for security requirements in smart devices.
Which? has outlined five tips to help when buying and using smart toys:
- Read the description of the connected toy carefully in the shop or online. Find out what the toy actually does and how your child will interact with it.
- Search online to see if there have been any security concerns raised about the toy previously, such as a leak of personal data. If you are at all concerned, consider a non-smart toy instead.
- If you do buy a smart toy, submit only the minimal amount of personal data required when setting up an account for your child. So, not too much data is exposed if things do go wrong. Do set strong passwords, though, to ensure any accounts are properly protected.
- Keep an eye on your child when they’re playing with the smart toy, particularly if it can send or receive messages.
- When your child is not playing with the smart toy, make sure you turn it off completely.