Hackers have seized control of the top-selling Christmas toys – installing secret spy cams that send private images back to the hacker.
Experts at Top10VPN UK say the six top-selling Xmas toys were ‘shockingly easy’ to take control of using an unsecured Wi-fi or Bluetooth connection – with remote users easily able to secretly monitor children through the toy’s camera or microphone.
Dailymail.co.uk reports: They found that a children’s smart tracking watch had fundamental security flaws that would allow a hacker to pose as a parent and send fake messages or SMS alerts.
They were able to hijack a remote-control car and tap into the feed from its built-in video camera. And they found they could browse through recordings made by a drone and infect it with malware.
The toys tested were the Q50 Smart Tracking Watch, Mass Effect: Andromeda NOMAD ND1 RC Car, Sky Viper v2400 HD Streaming Drone, AirHogs FPV High Speed Race Car, Cognitoys Dino and the Star Wars BB-8 Droid.
All Wi-fi and Bluetooth enabled toys are vulnerable to attack and there’s no way of preventing according to the researchers.
Hackers are able to tap into the devices, because the toys each have their own hotspots, without any form of security or privacy settings.
Where phones, laptops and tablets have options to set passwords for the user to secure their device, the toys don’t – leaving them vulnerable to anyone who wants to log in.
JP Jones at Top10VPN told MailOnline: ‘Imagine you have a child in a block of flats, you can see neighbours’ Wi-fis but cannot connect as they are usually secured.
‘Nosy neighbours can connect to these toys and will be able to access a lot of sensitive information.’
While the manufacturers aren’t breaking any rules by not having a privacy and security settings on the toys, the researchers believe they should more responsible.
Simon Migliano, head of research at Top10VPN.com, added: ‘It’s roughly tens of thousands of pounds to create the security features, but that i..