A team of security researchers that has warned of the dangers of smart toys has found another that can be used to spy on your children. Pen Test Partners examined the Teksta Toucan, finding that it's easy to hack the device's microphone and speaker.

The device is built by Genesis Industries, makers of the iQue and My Friend Cayla, two devices that are already feeling the heat from regulators. Both are currently being looked at in the US and Europe, while the latter has been withdrawn from sale in Germany. The Toucan had two ways of being accessed, the first of which was simply by connecting to the device's built-in Bluetooth speaker. 

More than 20 million Amazon Echo and Google Home devices are vulnerable to attacks via the BlueBorne Bluetooth vulnerability that was first disclosed back in September.

Security firm Armis said this week that BlueBorne, a Bluetooth-based attack vector that was initially reported as exploitable on phones and PCs with an active Bluetooth connection, is now setting its sights on digital AI assistants. The firm said that both the Amazon Echo and Google Home can be exploited using existing BlueBorne vulnerabilities (of which there are eight in total). 

A consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.

Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child. The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets. 

This morning, Armis security published details of a new Bluetooth vulnerability that could potentially expose millions of devices to remote attack. Dubbed Blueborne, the attack works by masquerading as a Bluetooth device and exploiting weaknesses in the protocol to deploy malicious code, similar to the Broadcom Wi-Fi attack disclosed earlier this year.

Because Bluetooth devices have high privileges in most operating systems, the attack can be executed without any input from the user. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode. 

A researcher has flagged a bug in Google's Nest Cam and Dropcam Pro security cameras that allows an attacker within Bluetooth range to stop either device from recording.

Bluetooth range, of course, is exactly where a burglar would be when planning to ransack a home, and with attack code now publicly available, an intruder could knock Google's security cameras off a wireless network for 90 seconds. That mightn't sound so severe, but since the camera is designed to only store recorded footage in the cloud, the loss of connectivity means the device loses its surveillance capabilities for this period.

Google and Levi's first announced Project Jacquard back in June 2015, promising smart clothes that would be capable of interacting with the mobile devices of the wearer.

Almost two years later, the unlikely partnership has now revealed that a smart jacket named the Commuter will be released into the market in the fall, with a price tag of $350. The Commuter jacket was unveiled by Google and Levi's in May of last year at the Google I/O conference as the first product under Project Jacquard. More details regarding the smart clothing was unveiled at SXSW 2017, including its price tag of $350 once it is launched in the fall.

Apple Inc. is weighing an expansion into digital glasses, a risky but potentially lucrative area of wearable computing, according to people familiar with the matter. While still in an exploration phase, the device would connect wirelessly to iPhones, show images and other information in the wearer’s field of vision, and may use augmented reality, the people said.

They asked not to be identified speaking about a secret project. Apple has talked about its glasses project with potential suppliers, according to people familiar with those discussions. The company has ordered small quantities of near-eye displays from one supplier for testing, the people said.

A vulnerability in FitBit fitness trackers first reported to the vendor in March could still be exploited by the person you sit next to on a park bench while catching your breath.

The athletic-achievement-accumulating wearables are wide open on their Bluetooth ports, according to research by Fortinet. The attack is quick, and can spread to other computers to which an infected FitBit connects. Attacks over Bluetooth require an attacker hacker to be within metres of a target device. This malware can be delivered 10 seconds after devices connect, making even fleeting proximity a problem. Testing the success of the hack takes about a minute, although it is unnecessary for the compromise.

The popular Bluetooth Low Energy beacon protocol isn't just a privacy risk up close – it can spaff your phone's or wearable's movements and security information from a decent distance, and make you trackable. 

BLE best practice is to provide at last a minimal amount of user ID masking – not too much or iBeacons would be useless to advertisers – but even this is ignored, according to a scan conducted by Context Information Security. As the company's Scott Lester describes randomisation is either badly implemented or ignored completely in everything from cheap wearables up to iPhones. As a result, all that's needed to stalk a BLE owner is a smartphone and an app.

This story began a few months ago when I got a popular brand of fitness bracelet. As this is a wearable device I installed Android Wear app, an application developed especially for wearable devices. This application easily connects to the fitness band.

However, there was something odd: the program could connect to a Nike+ Fuel Band SE, but my bracelet was another brand! It wasn't long before I realized my colleague had a Nike wristband – and he didn't even notice I had connected to his device. After that I decided to do some research and find out how secure my wristband was. Smart bracelets: communication with a smartphone.