Several toys that were tested have been found lacking authentication measures, opening them up to an array of insidious attacks. The toys tested were missing authentication measures for the Bluetooth connection used for pairing toys with their complementary apps or devices. The research is indicative of larger security issues in connected toys, which open them up as conduits to a second-order IoT attack on smart homes. Researchers found that the Singing Machine SMK250PP and a karaoke microphone from Amazon seller TENVA lacked authentication measures.
Source: https://threatpost.com/serious-security-flaws-found-in-childrens-connected-toys/151020/

