Toys with an Internet connection to keep pace with time, but a danger to children and their parents. How personal data owners of teddy bears are on the network and why experts do not recommend to buy them.
“Smart” plush toys CloudPets by Californian company Spiral Toys were in the center of the scandal: the hackers allegedly gained access to 2 million calls owners of such devices.
In addition, it is reported that the toy manufacturer has been repeatedly informed that the personal data of users hit the online space, but hacked base remained in the public domain for another week before it was removed.
Spiral Toys specializes in the manufacture of children’s products that are connected to the Internet. CloudPets Toy positioned the company as “a message, which can be a hug.”
It is designed for communication between parents and children if they are located far from each other: the user writes a message using a special mobile application that plays a plush animal.
Pressing the button on the foot toys, you can send a voice response, which goes to the mobile device via Bluetooth, and then sent to the recipient device. Before use CloudPets, you must register online.
Telecommunications and mobile technologies are important for the inhabitants of the metropolis, such as electricity and water supply. But people forget that you can not blindly.
According to the Motherboard ,
In January 2017, hackers gained access and stole email addresses and hashed passwords of about 800 thousand. CloudPets owners.
Unfortunately, the company does not put any increased requirements for password strength, which, according to security expert Troy Hunt, led to the rapid deciphering most of them.
“These people are in the cloud CloudPets viewed several times by unidentified persons. There is reason to believe that in some cases the information required for ransom – Hunt said in his blog . – The fact that unauthorized access to the database has been established now, but none of the victims had not been notified. ”
At the end of his report, the expert warned parents of the dangers that are fraught with such toys.
“Buying CloudPets or any other similar device, you should be aware that your conversations can easily be in the hands of criminals,” – writes Troy Hunt.
Motherboard of experts agreed with a colleague and advised to refrain from buying toys related to the Internet of things, and to get “good old teddy bear without access to the network.”
Executive Director Mark Myers CloudPets denied the information about the theft of audio. “Were talking shoppers merged? Of course no. The headlines screaming about the leakage of 2 million records, do not correspond to reality, “- said Meyers in an interview with NetworkWorld magazine.
Internet company Yahoo! announced that in 2013, unknown hackers stole personal data of more than 1 billion users of the service.
The Guardian reported that the words Myers is likely to relate to the fact that the recorded conversations stored in a separate storage – to Amazon S3 file hosting in the public domain. At the same time, to get access to the data through authorization is not needed hacker simply guess the correct URL, and easy to listen to what customers say CloudPets with their children.
The publication also indicates that CloudPets in its official video manual recommends that customers use a password when registering «qwe», which clearly demonstrates not in favor of the manufacturer and gives reason to believe that data security is clearly not in the company’s priority.
the group management of ESET products Sergey Kuznetsov told “Gazeta.ru” that
under normal use toys with access to the Internet is no more dangerous than any other gadgets with similar properties, such as smartphones and tablets.
“If the toy is connected to Wi-Fi for Internet access, it is sufficient to comply with the standard recommendations: do not connect to public networks, use WPA2-encryption, set complex password to connect to the network, set up a filter on the MAC addresses or hide its point of access from outside “- suggested the expert.
This is not the first time innocent children’s toys accused of actual espionage. At the end of 2016, the focus was the doll Cayla from the American company Genesis Toys. This doll could communicate with the child and answer his questions, getting information from the Internet.
A resident of Petropavlovsk-Kamchatsky has appeared involved in the case after it has acquired a handle to the function of photography and sound recording … →
After it was discovered that Cayla record conversations and send them to some third company specializing in speech recognition, this toy has been officially banned in Germany.
The Federal Network Agency has recognized the country Cayla disguised spy device and asked parents to “get rid” of dangerous doll.
In addition, it was seen and “adult toys” of illegal data collection – vibrators We-Vibe 4 Plus, which is controlled by a smartphone.
As it turned out, a Canadian manufacturing company collected personal information about users of its devices in real time, capturing the moment of switching devaysa, its temperature and other data, thereby violating the law on privacy.