cloudpets
Latest
Connected teddy bears leaked kids' voices online
When Germany banned a connected doll over security concerns, it wasn't being overly cautious. As it turns out, there's a textbook example of what happens when toy data privacy goes horribly wrong. Security researchers have discovered that Spiral Toys' internet-savvy teddy bears, CloudPets, stored kids' voice messages to their parents (not to mention names and birthdays) in an insecure, misconfigured database that anyone could access online. While the passwords for the toys' accounts (over 821,000 of them) were stored in a cryptographic hash, there was no password strength limit -- it was trivial to crack many accounts and download voice data at will. And it gets worse.
