Children across Scotland could be targeted by predators using toys and devices bought as Christmas presents by unsuspecting parents, a leading cyber security expert has warned.
Dr Xavier Bellekens said receiving certain connected or ‘smart’ gifts which discretely capture and transmit data could be “one of the worst things that can happen” to a child as it may allow strangers to listen, watch and even speak to them.
The Strathclyde University expert highlighted a number of recent cases where popular children’s toys and products have been revealed to be vulnerable to hacking, and called for parents to be more aware of the risks.
Earlier this month, consumer group Which? and cyber security firm NCC Group found a set of popular walkie talkies was one of a number leading children’s products which have flaws meaning strangers could, under certain conditions, contact users.
Dr Bellekens, a former Abertay University lecturer, said: “We need to educate parents and children to make them understand the risks of these devices.
“There are conversations to be had to raise that awareness but we also need stronger legislation to make companies more liable for data leaks.
“One of the problems is parents don’t look at the box and see where the data collected is going. The first step is to ask if they really need the device. After that, research the product and read the product description.
“Is the toy recording data? Has the data been encrypted? Has the company been hacked before? If it has, I think they should be very careful.
“They should also look at the connections and whether location data is being gathered. I wouldn’t want information on my child being collected and then sent somewhere without my knowledge.”
Which? research has also identified karaoke toys with design flaws which could enable a stranger to stream audio to a child from metres away because of a lack of Bluetooth authentication.
Dr Bellekens insisted companies must do more to make devices safe for children but warned the market has been “flooded” with smaller and overseas firms, meaning there is less incentive or capability to address security concerns.
He said: “In the case of children, companies should really do more – they must take proactive steps to protect devices for children.
“Larger companies like Google have taken some of those steps already. Once in a while a vulnerability is found but these companies are usually able to patch those issues.
“The market is being flooded with smaller companies or ones from other countries so increasingly the incentive is not there to work on fixes for these problems.”
Dr Bellekens said most devices now have options to modify settings around privacy and security but there are fewer controls on children’s products. He said this is what makes them “so dangerous”.
Children’s charity NSPCC Scotland said it is “really important” parents understand the potential safety risks of any toys or devices connected to the internet.
A spokesman added: “The new Age Appropriate Design Code from the Information Commissioner’s Office should include provisions for smart toys so children are protected when they use them.”