Hackers have seized control of the top-selling Christmas toys – installing secret spy cams that send private images back to anonymous pedophile rings.
Experts at Top10VPN UK say the six top-selling Xmas toys were ‘shockingly easy’ to take control of using an unsecured Wi-fi or Bluetooth connection – with remote users easily able to secretly monitor children through the toy’s camera or microphone.
Dailymail.co.uk reports: They found that a children’s smart tracking watch had fundamental security flaws that would allow a hacker to pose as a parent and send fake messages or SMS alerts.
They were able to hijack a remote-control car and tap into the feed from its built-in video camera. And they found they could browse through recordings made by a drone and infect it with malware.
The toys tested were the Q50 Smart Tracking Watch, Mass Effect: Andromeda NOMAD ND1 RC Car, Sky Viper v2400 HD Streaming Drone, AirHogs FPV High Speed Race Car, Cognitoys Dino and the Star Wars BB-8 Droid.
All Wi-fi and Bluetooth enabled toys are vulnerable to attack and there’s no way of preventing according to the researchers.
Hackers are able to tap into the devices, because the toys each have their own hotspots, without any form of security or privacy settings.
Where phones, laptops and tablets have options to set passwords for the user to secure their device, the toys don’t – leaving them vulnerable to anyone who wants to log in.
JP Jones at Top10VPN told MailOnline: ‘Imagine you have a child in a block of flats, you can see neighbours’ Wi-fis but cannot connect as they are usually secured.
‘Nosy neighbours can connect to these toys and will be able to access a lot of sensitive information.’
While the manufacturers aren’t breaking any rules by not having a privacy and security settings on the toys, the researchers believe they should more responsible.
Simon Migliano, head of research at Top10VPN.com, added: ‘It’s roughly tens of thousands of pounds to create the security features, but that is not much for these companies.
‘We have passed on our research to all the manufacturers and have only received acknowledgments from two.
‘Regulations need to keep up with the pace of technology. But customers should also be taking responsibility and parents need to educate themselves on what they are buying for their children.’
The research underlines why children’s smartwatches were recently banned outright in Germany and certain models pulled from UK shelves.
It found that kids’ smartwatches with GPS tracking, currently flooding Amazon, are vulnerable to stalking by strangers who could potentially send messages impersonating trusted friends and relatives.
The discoveries come in the wake of serious warnings about smart toys from the FBI and the Information Commissioner’s Office, the UK’s independent privacy watchdog. The Top10VPN.com findings also build on a recent consumer report revealing the vulnerability of Bluetooth-enabled toys.
This study goes further to demonstrate an even more serious problem given the greater capabilities of Wi-Fi devices compared to more limited Bluetooth functionality.
Independent security researcher Sarah Jamie Lewis, commissioned by the comparison website Top10VPN.com said the team compromised all six of the toys they tested.
They were able to intercept cameras and microphones, retrieve private pictures and video, access the location of a device and ‘spoof’ – deliberately alter – information such as child location to a parental monitoring app.
Sarah Jamie Lewis said: ‘It was shockingly simple to take full control of these toys and intercept video feeds from onboard cameras within minutes.
‘This opens up a number of frightening scenarios where anyone, even a stranger driving around in a car, can discover these vulnerable Wi-Fi enabled toys, and can hack into these devices with the intent of violating a child’s privacy or worse.’
Mr Migliano added: ‘These shocking findings must serve as a wake-up call to the toys industry and regulators to prevent children from being put at risk.
‘Until there is a security standard that must be met by all connected toy manufacturers, we would urge parents to think very carefully about buying any smart products for their children.
‘It’s easy to get caught up in the fun of toys that have increasingly sophisticated functionality built in, but given what we’ve managed to do with the six toys we tested, as a parent myself, I certainly would not expose my children to this kind of danger.’
MailOnline has contacted the manufacturers for comment.