Wednesday, March 1, 2017

Talking CloudPets Dolls Leaked Millions of Kids’ Voice Recordings

CloudPets are internet-connected dolls that allow parents to exchange voice recordings and photos with their children via cuddly, stuffed messengers. Unfortunately, the mobile app that CloudPets used had a major security flaw that allowed anyone to access the sensitive information shared using CloudPets toys.

According to security researcher Troy Hunt, who publicized the issue, the design flaw exposed 820,000 accounts and around 2.2 million voice recordings.

The CloudPets scandal is the latest cautionary tale involving the Internet of Things. Like many other internet-connected toys, messages relayed through CloudPets are actually stored on the cloud. Hunt discovered that customer records, account information (including passowrds), children’s voice recordings, and photos were stored on an insecure database “exposed publicly to the web without so much as a password to protect it”, Hunt wrote in a technical blog post detailing the security lapse.

“I suspect one of the things that will shock people is that they probably didn’t think through the fact that when you connect the teddy bear, your kids voices are sitting on an Amazon server,” Hunt said, according to CNNTech.

And at one point, some malicious actors deleted the data from the database, tried to hold that information hostage in exchange for a ransom of Bitcoins. The information is back up on the database, but Hunt believes that CloudPets simply restored it using a backup.

Hunt repeatedly attempted to reach out to CloudPets when he learned of the leak, but didn’t succeed in making contact with anyone from the company. CloudPets has done nothing in response to the issue so far, despite the news, and has been unreachable to journalists.

Hunt has advised CloudPets customers to change their passwords if they re-used them elsewhere and file a complaint with local regulators.

Want a FREE iPhone 7? Click here to enter our monthly contest for a chance!
Follow us on Apple News by pressing the (+) button at the top of our channel



from http://ift.tt/2mHcM79
via IFTTT

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.