Hackers able to seize control of children's Christmas toys.

De Master Yoda

Staff member

Are you buying your child a paedophile spycam for Christmas? How hackers are able to seize control of six top-selling gifts and tap into their video streams and microphones
  • Researchers at Top10VPN were able to send fake texts to children's smart watch
  • They were able to hijack a remote-control car and tap into the camera feed
  • All Wi-fi enabled toys are vulnerable to attack with no way of preventing it
  • Hackers are able to tap into devices, because toys each have their own Wi-fi hotspots, without any form of the security or privacy settings which phones have
By Anthony Joseph for MailOnline

Published: 23:34 AEDT, 14 December 2017 | Updated: 00:28 AEDT, 15 December 2017

Hackers will be able to seize control of six top-selling Christmas toys - tapping into video streams, microphones and even collecting phone numbers and personal details.

Experts at Top10VPN UK said it was 'shockingly simple' to take control of any toy with an unsecured Wi-fi of Bluetooth connection, to access its data and tap into its camera or microphone.

They found that a children's smart tracking watch had fundamental security flaws that would allow a hacker to pose as a parent and send fake messages or SMS alerts.

They were able to hijack a remote-control car and tap into the feed from its built-in video camera. And they found they could browse through recordings made by a drone and infect it with malware.

The toys tested were the Q50 Smart Tracking Watch, Mass Effect: Andromeda NOMAD ND1 RC Car, Sky Viper v2400 HD Streaming Drone, AirHogs FPV High Speed Race Car, Cognitoys Dino and the Star Wars BB-8 Droid.

This device has fundamental security flaws that put children in danger. With no authentication and encryption, it's simple for a hacker to impersonate a child's parents or loved ones by sending fake messages or SMS alerts to the watch

Hackers can intercept the video stream from the built-in camera completely undetected, as all data sent from the toy to its companion app is unencrypted

While the hacker can't take control of the drone, they could infect the toy with malware, rendering it inoperable, or worse

All Wi-fi and Bluetooth enabled toys are vulnerable to attack and there's no way of preventing according to the researchers.

Hackers are able to tap into the devices, because the toys each have their own hotspots, without any form of security or privacy settings.

Where phones, laptops and tablets have options to set passwords for the user to secure their device, the toys don't - leaving them vulnerable to anyone who wants to log in.

JP Jones at Top10VPN told MailOnline: 'Imagine you have a child in a block of flats, you can see neighbours' Wi-fis but cannot connect as they are usually secured.

'Nosy neighbours can connect to these toys and will be able to access a lot of sensitive information.'

**NOTE. Post shortened due to posting limits please read the full text in the link.