Teddy’s been hacked – the pitfalls of ‘smart’ toys

You know when you were a kid and you’d sometimes lie in the dark, wondering whether your toys were watching you? Well, in a sense, in the age of IoT this may actually be correct. And the more worrying aspect is who else could be listening in.

A range of indiscreet internet-connected cuddly toys leaked conversations between children and their parents onto the internet, and also left their personal data unprotected from Christmas Day through to the second week of January. Over 800,000 user accounts have been affected and more than 2 million private communications exposed online. The teddy was marketed with the tagline ‘A message you can hug’, so voicemails include very personal messages from both parents and children – not something you want floating around online.

Despite this, the CloudPets manufacturer – California-based Spiral Toys – has yet to confirm the leak, which has resulted in several malicious parties making ransom demands for the trove of voicemails. Security researchers are not impressed, describing Spiral Toys as irresponsible for neglecting to password-protect their products and for failing to front up after the debacle. It’s not, however, the first time that a ‘smart’ toy maker has been caught up in cybersecurity woes – Germany recently banned My Friend Cayla dolls over fears their inherently lax cybersecurity settings were leaving the door wide open to hackers. In both cases, there is unfortunately very little affected customers can do – except, of course, to change passwords again. You know, just in case.

