Horror films featuring malevolent children are scary as hell for a reason: the cognitive dissonance between their innocent appearance and evil minds.
Deceptive teddy bears are similarly frightening. In CloudPets’ case, their cuddly fur belies their privacy-breaching tendencies.
The toy bears allow children and parents to exchange recorded audio messages via the internet. However, these recordings, and the personal information of 800,000 CloudPets users, were left exposed online by manufacturer Spiral Toys.
Hackers took advantage of this, removing the user database and demanding that Spiral Toys pay them for its return.
Independent security researcher Troy Hunt explained that while CloudPets’ database wasn’t specifically targeted, parents should “work on the assumption that everything they put online may be compromised”.
In this case, Hunt said the worst outcome is that parents can feel violated, as there’s not much hackers can do with kids’ voices. When it comes to their pictures, though, which could be uploaded, there may be cause for greater parental concern.
CloudPets aren’t the only playthings with a devious reputation. Germany banned the Cayla doll after concerns it could ‘spy’ on kids and their parents and harvest personal data.
Despite this, ‘smart’ devices continue to grow in popularity, including in the kids toy space. Mattel’s Hello Barbie, which uses Siri-like technology, is just one such example.
And the more smart devices there are with open, online databases, the greater the chances they will be hacked. Dropbox, LinkedIn and Ebay weren’t immune. Neither, it seems, was Spiral Toys.Do you have an idea for a story?
Email [email protected]