Image Source: CloudPets.
The vulnerability of children's toys is being questioned following the company Spiral Toys exposing information for 800,000 user accounts and 2 million voice recordings online. The company's product CloudPets, known for recording and sending voice messages between parents and children on teddy bears, kept these credentials in an unsecure database. According to Fortune, security researchers were the ones who discovered that the company's partner app is connected to this unstable website through Shodan, a search engine meant to find vulnerable websites. It is also unknown just how many people have been able to access the personal data through accessing the website.
“Due to there being absolutely no password-strength requirements whatsoever, anyone with the data could crack a large number of passwords, log on to accounts, and pull down the voice recordings,” writes technology professional Troy Hunt in his analysis of the scenario.
Devices such as CloudPets contain an internet connection to make it possible to send these loving words from child to parent. Although the intention behind the toys is sweet, CloudPets is among several other products that have experienced similar security breaches, and The Verge reports that Wi-Fi enabled VTech toys and dolls from a “smart” Hello Barbie line also had easy access to children's recorded conversations on the devices. Such repetition in toy hackings has heightened parents' concerns about their family's safety and why safer internet connections haven’t been normalized in toys.
The Verge's Ashley Carman attributes these recurring mistakes to issues of money and less focus on security. “Building something secure isn’t easy,” Carman writes. “It requires a dedicated team who knows what they’re doing, money to pay those people, and thoughtful consideration. In CloudPets' case, its parent company is floundering financially.”
As of now, it seems that there's little that parents can do to prevent these incidents other than following pre-existing instructions. The toys usually ask for parental permission to collect this personal or vocal data, and parents can look for details such as companies' relationships with third parties. How far the device's Wi-Fi connection reaches is also something to consider when setting up toys like these.
With each of these vulnerability incidents seeming worse than preceding ones, such scenarios bring up the question of whether or not such tech-savvy toys are worth their trouble.
Sources: CloudPets, Fortune, Troy Hunt, The Verge, The Verge 1, The Verge 2
Advertisement
Learn more about Electronic Products Magazine
