Children’s toys and baby monitors can be taken over by hackers, security services warn

Children’s toys and baby monitors connected to the internet can be taken over by hackers, the security services have warned. The National Cyber Security Centre (NCSC) has issued new guidance calling on manufacturers to ensure devices sold to British families are secure.
Vulnerabilities already discovered include one that could let attackers obtain audio from a baby monitor or “inject fake information about the position and temperature” of an infant on an activity tracker. An international database also lists a “smart toy bear” with a security fault that could be used by hackers to obtain sensitive information, and a talking dinosaur that allows voice, data and video traffic to be intercepted.

The NCSC has demonstrated how an interactive doll could be compromised and used to unlock a wifi-connected front door. A voluntary code of practice issued by the government urges manufacturers to increase security across the growing “internet of things”. “Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyberattacks,” a spokesperson said.

It comes after the first ever joint “technical alert” by the UK and US revealed that unsecured routers were being targeted by Russian hackers. They were found spying on the information passing through the routers, harvesting passwords and data. And earlier this month Russian intelligence services were accused of running 12 named hacking groups behind attacks including those on the Democratic National Committee, a British TV station, the World Anti-Doping Agency and Ukrainian transport.

Reports say that toys have not yet been targeted by hackers. “A vulnerability being found doesn’t necessarily mean something has been taken over and there was an exploit,” an NCSC spokesperson said. “We should be better at holding companies to an account where something is reported and it doesn’t get fixed.” There are expected to be more than 420 million internet-connected devices in use across the UK within the next three years, but security features are rarely advertised to families investing in smart toys, monitors, virtual assistants and other technology.