Smart Teddy Bears Involved in Massive Data Breach

Account information on 800,000 CloudPets users was left unprotected on the internet, as well as 2.2 million voice recordings sent between children and their loved ones, according to reports. In the case of CloudPets, owned by SpiralToys, it wasn't the cute and huggable smart stuffed toys hackers were hugging, but the data. The parent or child speaks into a microphone inside the toy, which uses a Bluetooth interface to upload the recording to cloud storage via an Android or iOS smartphone app tied to an account. The leak was announced on February 27 and it drew the attention of several security researchers who argued that due to this glitch, hackers may have been granted access to users' recordings.

Numerous passwords for the CloudPets accounts were easily crackable because no rules for password strength were enforced, meaning they could be just one character long.

Those recordings don't necessarily present a security threat in and of themselves, Hunt said, but parents should certainly be aware of what's out there. After advising a password reset, Hunt asked for his original CloudPets password. However, connected toys pose certain privacy and security risks that, if exploited, could have lifelong impacts for affected children.

With a little sleuthing, and some help from CloudPets users willing to serve as guinea pigs, Hunt tracked down some surprisingly personal information on the CloudPets servers.

But as Hunt and other investigators found, kids' information was stored in an insecure database that didn't require authentication to access it. Anyone who saw the data could download a child's CloudPet audio files, and there was no way of telling how many people had done that at this point, according to Hunt.

It's all very innocent and cute, until you fast forward to December of a year ago when the CloudPets database started leaking private information like a sieve.

The breach was first reported in a blog post from Troy Hunt, a Microsoft regional director, on Tuesday.

He noted that California, where Spiral Toys is based, requires companies to notify users in the case of a data breach, which includes the disclosure of email addresses and passwords that permit access to an online account.

Analyst's Predictions on Verizon Communications Inc. (VZ), Wal-Mart Stores, Inc. (WMT)
The Average Volume of the company is 8.77 Million and P/E (price to earnings) ratio is 15.72, while Forward P/E ratio is 16.72. The stock is now moving above its 20-Day Simple Moving Average of 5.31% with the 50-Day Simple Moving Average of 5.31 percent.

Connected toys have been hacked with childrens' voice recordings leaked and attackers leaving ransom notes in the targeted database - but the company behind the stuffed animals has refused to admit it's done anything wrong.

Equally troubling, Stone says he'd spent five months attempting to report the issue to Spiral Toys, however he's received no response.

The latest cautionary tale comes from CloudPets, a company that makes cute bears and dogs that can pass voice messages between kids and their parents.

Smart devices are proliferating, many of them through crowdfunded efforts or new startup business ventures. "We have to find a balance", he said, referring to the need to weigh security against ease-of-use. Rather shockingly, he added: "We looked at it and thought it was a very minimal issue".

Victor Gevers, who is a security researcher at the GDI Foundation, claimed that he also revealed the breach from CloudPets and attempted to contact the company last December.

The main takeaway? Think twice before you welcome any internet-connected device into your home, particularly ones that children may interact with on a regular basis.

What does Troy Hunt say about that?

Recommended News

  • YouTube Is Launching a Streaming Service With Real Cable Channels

    YouTube Is Launching a Streaming Service With Real Cable Channels

    Local news programming from network affiliates will also be included, according to Robert Kyncl, YouTube's chief business officer. Subscribers will also get access to shows that had previously been available exclusively on YouTube Red.
    Cosby lawyer demands trial be moved, cites 'corruption' by media coverage

    Cosby lawyer demands trial be moved, cites 'corruption' by media coverage

    It has almost twice the population of Montgomery County, which is the third largest county in the state. Prosecutors said they were opposed to the defense team's "jury shopping".

    Nice and easy for Federer in DDF Tennis Championships opener

    Wawrinka only returned back to the court to practice last week but feels ready for his opener against the 24-year-old Dzumhur. The Swiss is looking for his eighth title at the tournament and will next play either Mikhail Youzhny or Evgeny Donskoy.
  • Former President Obama Spotted Leaving Fifth Avenue Store

    Former President Obama Spotted Leaving Fifth Avenue Store

    On Thursday, an Instagram photo showed Obama in SoHo at a restaurant with his daughter Malia . Obama is back in the U.S. after a brief holiday in the British Virgin Islands.

    'Get Out' tops box office with huge $30.5 million in ticket sales

    Building up its box office total: The Lego Batman Movie earned an extra $19 million in its second week, nabbing second place. It finished at the top of the box office all three days while Lego Batman limped in with about half that at $9.6 million.

    Gunman kills girl, 8, after auto accident

    DeMaree Atkins, 8, was shot and killed in Houston just moments after getting into a vehicle crash with her mom. DeMaree Atkins was transported to a local hospital by paramedics, where she was later pronounced dead.
  • Goldman Says Tesla Stock Could Still Tumble 25%

    Goldman Says Tesla Stock Could Still Tumble 25%

    The fund owned 20,120 shares of the electric vehicle producer's stock after buying an additional 18,193 shares during the period. Tesla recently announced fourth-quarter and full-year financial results that dampened investor enthusiasm for the company.

    Nation's Pediatricians Warn of Rising Risks to Youths From Loosening Marijuana Laws

    An influential USA doctors group has released a new report advising parents against allowing their teens to use marijuana. Stratyner says marijuana affects short-term memory, especially in young brains that are still developing.

    Rickie Fowler's putt was swallowed by a sprinkler head

    Then again, confidence goes a long way, and he picked up plenty of it with his three victories a year ago on the Web.com Tour. He and his brother, who grew up in SC and attended the same high school (Dutch Fork) as Johnson, stumbled into making videos.
  • Strenuous Workout May Kill Male Sex Drive

    The next step was to classify the men according to their workout habits, regarding whether they exercised for long or short time. They were categorized in groups based on the length and intensity of their workouts as well as on the strength of their libido.

    99-year-old woman 'arrested' to check off bucket list

    For one 99-year-old grandmother from The Netherlands, getting arrested was one of them. Luckily, her niece arranged the whole affair. The motive? It was on her bucket list.

    Raptors' loss of Lowry opens door for Wizards

    Now in fourth-place in the Eastern Conference, Toronto currently sits behind the Cavaliers, Boston Celtics and Washington Wizards. Toronto Raptors' star point guard Kyle Lowry will have surgery on his right wrist, the team announced Monday .

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.