Creepy CloudPets pulled from stores over security fears

Graham CLULEY

June 07, 2018

Good news for privacy-conscious parents of young children!

Major retailers have begun pulling CloudPets cuddly toys from their shelves after warnings were issued that the internet-enabled toys posed a risk to privacy.

A year ago it was revealed that more than 2.2 million voice recordings of children and parents, as well as 800,000 associated email addresses and passwords, had been carelessly leaked through lax security on a MongoDB server.

Spiral Toys, the manufacturer of the so-called “smart” toys, claimed to act swiftly to fix the problem – and another vulnerability which could allow a remote hacker to not only record audio but also broadcast messages via the toys.

In the following video you’ll see just how easy it proved to be for a hacker within Bluetooth range of a fluffy CloudPet to hijack control of the toy.

At the time, news of the security breach was widely reported and even managed to gain the attention of comedians on late night US talk shows.

The issue was, of course, no laughing matter.

And twelve months after the initial disclosure of the security problems, researchers found that Spiral Toys had still not implemented proper authentication techniques to protect against hackers spying on children via cuddly CloudPets.

Concerns were also raised that Spiral Toys had allowed a domain used to host a tutorial for the toys – mycloudpets.com – to lapse, opening opportunities for criminals to use the URL for phishing attacks.

As Consumer Affairs reports, the EFF wrote a letter to Walmart, Target, and Amazon, voicing their concern that the insecure cuddly toys were being sold to unsuspecting consumers.

Part of the letter read as follows:

What CloudPets demonstrates is the potential privacy risks that even a toy with limited connectivity can pose. More importantly, it also shows how these toys are entry points for companies to generate a consumer base from children for other digital products in the future. That’s why it’s so critical that privacy and security be at the forefront of makers’ minds.

We believe retailers have a crucial role to play when it comes to helping encourage manufacturers to respect the trust of their consumers. We hope you will immediately pause the sale of CloudPets, and we look forward to working with you on more proactive, positive steps that could be taken to protect customer safety, security, and privacy.

Last week, Walmart and Target stopped selling CloudPets. This week, eBay and Amazon joined them.

Action like this means that fewer people are likely to buy these particular insecure children’s toys. It’s foolhardy to think, however, that there aren’t other products out there which are doing a similarly dreadful job at securing the privacy and safety of society’s most vulnerable consumers.
