Researchers Have Found Security Holes in Yet Another Smart Toy

By Tom Pritchard on at

In the past I've criticised the IoT industry for not having up-to-scratch security, and that people should know what they're getting into. The problem is that companies have taken similar tech, with similarly shoddy security, and stuffed it into toys meant for kids. There have been a few cases of this popping up this year, and another one has reared its ugly head.

Pen Test Partners have been playing with the Teksta Toucan, and found that it could be used to spy on children. The toy has features that let it function like a Bluetooth speaker, though this also leaves the microphone exposed and allow hackers to listen in on the surroundings. They'd need to be local, but it's possible.

The second is a flaw that lets hackers break into the OS and change the MP3 files that the toy plays. You can see an example of that in the video below. Warning, don't watch it if you find mid-tier swearing offensive.

Apparently the toys is built by Genesis Industries, the same company responsible for iQue and My Friend Cayla. About a year ago those two toys were found to be collecting recordings of kids' voices without permission and sending them off to other places without adequate security. So faced some scrutiny from regulators in the US as a result, and now this has happened. It's not quite as serious, but it's still pretty bad that this is happening in a toy for children. As such the regulators in the US and EU are investigating.

Basically, long story short, don't get your kid a smart pet. Get them some Pokémon cards or something. [Pen Test Partners via Engadget]

More Security Posts:

More Security Posts: