Karaoke machines that can be hacked leave children vulnerable to unsolicited voice recordings from strangers, a Which? study has warned ahead of Christmas.
The study found security flaws in popular children’s karaoke products, which meant they could be hacked via Bluetooth connections.
The results were a part of the consumer group’s latest investigation of seven devices sold by major retailers including Amazon, Argos, John Lewis and Smyths, which found that three were vulnerable to being hacked.
Both ‘Karaoke microphone’, sold online by relatively unknown brand Xpassion/Tenva, and ‘Singing Machine SMK250PP’ by Singing Machine allow people within ten meters to send recorded messages to a child because the Bluetooth has no authentication, such as a PIN.
Which? also warned that personal data of those who own the Singing Machine, as well as AI-powered Boxer Robot, board game Mattel Bloxels, or coding game Sphero Mini is at risk, after finding that users are not required to create strong passwords for their online accounts.
Meanwhile, Bloxels and Sphero Mini had no filter protections to prevent explicit language or offensive images being uploaded to their online platforms, Which? Said. Singing Machine responded saying it follows "best practices" and "testing standards".
The consumer group is urging the next government to make it mandatory for manufacturers to ensure smart products meet appropriate security standards such as requiring a unique password before use, data encryption and consistent security updates, before they are able to go on sale.
Natalie Hitchins, Which? Head of Home Products and Services, said: “While there is no denying the huge benefits smart gadgets can bring to our daily lives, the safety and security of users should be the absolute priority.
“The next government must ensure manufacturers design connected tech products with security as paramount if it is going to prevent unsecure products ending up in people’s homes.”