Even to this day, some IoT device owners tend to not give much importance to how vulnerable these devices may be, and, as a direct consequence of their negligence, it is indeed them who (accidentally) create those open doors hackers need. However, if the issue starts involving our children, then the subject gets a whole other meaning. And the fact that smart-toys may put your child at serious risk should be more than enough to send shivers down your spine.
After the My Friend Cayla doll became infamous for how easily it could be hacked, eventually resulting in its total banning in some European countries, a new case involving other smart toys popped up. This latest security concern involves the so-called CloudPets, stuffed cats, dogs, bears and whatnot, which are able to play and store any voice messages sent to them via a mobile app. The original idea behind the toy was to bring closer distant parents and their kids (like active duty military since there’s free shipping for them), which, in itself, is anything but reprehensible. However, a sweet idea can be easily turned into a living nightmare, like in the case of My Friend Cayla, once a hacker figures out how to tamper with the toy’s weak security settings, then your child is at that person’s mercy.
And sadly, the nightmare became true: not long ago more than 820,000 CloudPets user accounts were exposed.
My Friend Cayla All Over Again
Despite being released in 2015, a whole year after the infamous My Friend Cayla accident, the CloudPets stuffed toys didn’t even need to be hacked in order to be considered as privacy threats. In fact, Troy Hunt, a digital security expert, was able to easily access sensitive data, such as the child’s name, birthday, email address, relationship with authorized users and, most shockingly, a photo. And not just that; nearly 2.2 million unencrypted voice recordings were also accessed from an insecure cloud database that didn’t require any kind of authentication.
Spiral Toys, the company behind the cute and chatty stuffed animals, rejected accusations, even going as far to claim that all news regarding private messages or images being compromised on the internet are completely false. The company’s attitude is already outrageous in itself, but what’s even worse is that some experts even go as far as claiming that they were actually trying to warn the company for months about these concerns to no avail. In short, one thing’s for certain: the company didn’t inform users about the leak, as their passwords are still active.
Hush Little Baby, Don’t Say a Word
Privacy breaches are extremely serious by themselves but, as we mentioned before, the moment they affect our beloved ones, especially close family members, they get a whole other meaning. However, it is you, the parent, who should take measures towards increasing the online privacy of your youngest relatives, especially in an age where the old-fashioned “that’s not a toy” statement is simply reaching its final days.
Start with proper education about the ever-increasing digital world and its dangers: tell the little ones in a simple way why their favorite websites are not safe. Better yet, educate them about the dangers of the internet and at least consider investing in a VPN router to assure a safe connection and full anonymity. Aside from that, make sure to not expose your children too much, not even in your own social media profiles, as the moment you hit the publish button you’ll have a hard time recovering any precious information.