INSUBCONTINENT EXCLUSIVE:
Image copyrightVTechImage caption
Which? found that strangers could connect to the walkie talkies from up to 200m
A walkie talkie toy and two karaoke devices have been found to be potentially hackable, consumer group Which? has claimed.The toys'
Bluetooth connections were tested by Which? and cyber-security firm NCC Group.They found a nearby stranger could potentially talk to
children via them.Vtech, which made the walkie talkie, said new connections could not be made if a parent's device had already been paired
with the toy.It added that pairings would have to be made within specific 30-second windows.Which? examined several devices sold by
retailers including Amazon, Argos, John Lewis and Smyths, and said some were "lacking in basic security".Three out of seven popular toys
examined during tests were found to have flaws, meaning a stranger could - under certain conditions - speak to children via the
devices.Stranger dangerA stranger could, for example, use a Vtech's KidiGear walkie talkie to pair to another one of the devices being used
by a child - from a distance of up to 200m (656ft).The Bluetooth pairing of devices, however, would have to take place within a 30-second
window, once the child's device was activated."Based on all this information we have gathered, we believe that there is a risk of someone
observing a child playing with the walkie talkies and exploiting the above scenario," said Which?In a statement, Vtech said pairings could
not occur if the child's walkie talkie was already linked to another device, such as one used by a sibling or parent."Further to the recent
Which? findings, we would like to reassure consumers on the safety of the VTech KidiGear Walkie Talkies which use the industry standard AES
encryption to communicate," Vtech added."The pairing of KidiGear Walkie Talkies cannot be initiated by a single device
"Both devices have to start pairing at the same time within a short 30-second window in order to connect."Image copyrightSinging
MachineImage caption
Singing Machine says safety is a "top priority"
Which? also found that the Singing
Machine SMK250PP karaoke machine had been designed so that a stranger could stream audio to a child from a distance of up to 10 metres
because the Bluetooth connection did not ask for authentication."So as long as the machine is on and is listening for Bluetooth connections,
it will happily connect with any Bluetooth streaming device that initiates communication with it," said Which?In a statement, the firm said:
"Safety is top priority with every Singing Machine product produced, as demonstrated by our 37-year history without a product recall."We
follow industry best practices as well as all applicable safety and testing standards."Image copyrightXpassion/TenvaImage caption
The TheIndianSubcontinent was unable to contact the firm behind the karaoke device
Another karaoke microphone
suffered from the same kind of vulnerability, Which? said
"Even little baby know how to use," reads a description for the device on Amazon.Which? said it was unable to contact the firm behind the
The TheIndianSubcontinent also attempted to reach the company, without success.A number of other devices were tested by Which? for different
security issues, including the Mattel FFB15 Bloxels Build Your Own Video Game.An online platform associated with the toy, a board game, was
found to have no filter to prevent explicit language or offensive images from being uploaded.The toy is no longer being made
Mattel told the TheIndianSubcontinent: "The specific web platform referred to in this report, which was produced by a third party, was
closed and the physical product was discontinued after finishing its license agreement earlier this year in June."Which? reported that Pixel
Press, which made the online platform, had declined to comment
The TheIndianSubcontinent has separately contacted the firm.'Depressingly simple flaws'"These are depressingly simple security flaws,"
cyber-security expert Ken Munro told the TheIndianSubcontinent
"There is no excuse for big brand names such as these to be vulnerable." Mr Munro has previously exposed cyber-security vulnerabilities in
toys, including in talking doll Cayla.He noted that the DCMS is consulting on regulation which would cover such products and he also pointed
out that the US state of California will implement regulation for consumer internet-of-things products from 1 January.That is likely to
influence manufacturers around the world, argued Mr Munro.
