June 14, 2018

Toy Cybersecurity: What You Need to Know

Your 16 year old hacks your 9 year old’s CloudPet – What Could Possibly Go Wrong?

As children, we conveyed our deepest, darkest secrets to our stuffed animals. Now, the interactive stuffed animals pose a serious security threat – are you at risk? This short video shows a CloudPet Unicorn being hacked to shout Dalek threats to it’s owner:


So What’s the Big Deal?

CloudPet’s unsecured MongoDB server allows children to send and receive audio messages via the cloud and an iOS or Android app. Imagine your child sending out their address, phone, email to a predator? Last year, more than half a million people had their data and kids’ voice messages exposed. 16 months after the initial hack, Walmart, Amazon, eBay and Target are finally pulling the Cloudpets from online shelves. Ways this could pose a threat to your child or family:

  • Eavesdropping: With 2-way communication, if your child’s daycare provider’s out for the day and you need to bring them to your office meeting, that toy could pick up sensitive data. With no security layer on these CloudPets, a hacker could easily capture the conversations.
  • Delayed Hack: While your child’s birthdate and phone might not necessarily pose a threat now, it certainly could when your child applies for a credit card at 18 and finds their identity has been used elsewhere and ruins their credit.

What Can You Do?

  • READ The PRIVACY TERMS: Consumer Affairs quoted the researchers who found the Bluetooth vulnerabilities in the CloudPets back in 2017 warned that “The company clearly does not care about their users’ security and privacy being violated and makes no effort to respond to well-meaning attack reports, further facilitating and inviting malicious actions against their users.”
  • TEACH Your Children Well: If your child needs to share secrets, share them with a non-interactive stuffed animal. Teach your child that giving out address and phone numbers should only be in an emergency and only to a trusted adult.
  • EXTERMINATE: Protect your child’s privacy by destroying the mechanism inside the toy and keeping your interactive toy quiet. Ship-n-Destroy can help you properly and securely destroy and dispose of the mechanism, along with outdated smartphones, laptops and devices to keep you and your family’s sensitive data safe. Visit http://shipndestroy.com for more information.