More bad news for toymaker Spiral Toys, which left customer data from its „CloudPets“ brand exposed online.
Von Lorenzo Franceschi-Bicchierai | MOTHERBOARD
An internet-connected teddy bear that allows parents and kids to exchange heartfelt audio messages sounds like a great idea—until the parents‘ emails and passwords, as well as the message recordings themselves, are left exposed online to hackers.
That’s what happened to an Internet of Things teddy bear made by Spiral Toys, as Motherboard reported on Monday. The company left a database containing customer data completely insecure. And as it turns out, the teddy bears themselves, part of the company’s CloudPets brand, were insecure too, and could have been easily hacked.
„Anyone within range—10 meters with a normal smartphone—can just connect to it,“ Paul Stone, a security researcher who studied how CloudPets‘ toys work, told Motherboard in an email. „Once you’re connected you can send and receive commands and data.“
In other words, the teddy bears could be turned into a remote surveillance devices, or used to harass toddlers much like some insecure baby monitors were used to terrorize toddlers children in the past.