{"id":68,"date":"2018-06-14T01:54:08","date_gmt":"2018-06-14T01:54:08","guid":{"rendered":"https:\/\/www.shipndestroy.com\/blog\/?p=68"},"modified":"2018-06-14T01:54:50","modified_gmt":"2018-06-14T01:54:50","slug":"toy-cybersecurity-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/www.shipndestroy.com\/blog\/toy-cybersecurity-what-you-need-to-know\/","title":{"rendered":"Toy Cybersecurity: What You Need to Know"},"content":{"rendered":"<p><em>Your 16 year old hacks your 9 year old\u2019s CloudPet \u2013 What Could Possibly Go Wrong?<\/em><\/p>\n<p>As children, we conveyed our deepest, darkest secrets to our stuffed animals. Now, the interactive stuffed animals pose a serious security threat \u2013 are you at risk? This short video shows a CloudPet Unicorn being hacked to shout Dalek threats to it\u2019s owner:<\/p>\n<p>&nbsp;<\/p>\n<p><iframe loading=\"lazy\" title=\"Hacking the CloudPets Unicorn with Web Bluetooth\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/5pQt6Aa3AVs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p><strong>So What\u2019s the Big Deal?<\/strong><\/p>\n<p>CloudPet\u2019s unsecured MongoDB server allows children to send and receive audio messages via the cloud and an iOS or Android app. Imagine your child sending out their address, phone, email to a predator? Last year, more than half a million people had their data and kids\u2019 voice messages exposed. 16 months after the initial hack, Walmart, Amazon, eBay and Target are finally pulling the Cloudpets from online shelves. Ways this could pose a threat to your child or family:<\/p>\n<ul>\n<li>Eavesdropping: With 2-way communication, if your child\u2019s daycare provider\u2019s out for the day and you need to bring them to your office meeting, that toy could pick up sensitive data. With no security layer on these CloudPets, a hacker could easily capture the conversations.<\/li>\n<li>Delayed Hack: While your child\u2019s birthdate and phone might not necessarily pose a threat now, it certainly could when your child applies for a credit card at 18 and finds their identity has been used elsewhere and ruins their credit.<\/li>\n<\/ul>\n<p><strong>What Can You Do?<\/strong><\/p>\n<ul>\n<li><strong>READ The PRIVACY TERMS: <\/strong>Consumer Affairs quoted the researchers who found the Bluetooth vulnerabilities in the CloudPets back in 2017 warned that \u201cThe company clearly does not care about their users\u2019 security and privacy being violated and makes no effort to respond to well-meaning attack reports, further facilitating and inviting malicious actions against their users.\u201d<\/li>\n<li><strong>TEACH Your Children Well: <\/strong>If your child needs to share secrets, share them with a non-interactive stuffed animal. Teach your child that giving out address and phone numbers should only be in an emergency and only to a trusted adult.<\/li>\n<li><strong>EXTERMINATE: <\/strong>Protect your child\u2019s privacy by destroying the mechanism inside the toy and keeping your interactive toy quiet. Ship-n-Destroy can help you properly and securely destroy and dispose of the mechanism, along with outdated smartphones, laptops and devices to keep you and your family\u2019s sensitive data safe. Visit <a href=\"http:\/\/shipndestroy.com\">http:\/\/shipndestroy.com<\/a> for more information.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Your 16 year old hacks your 9 year old\u2019s CloudPet \u2013 What Could Possibly Go Wrong? As children, we conveyed our deepest, darkest secrets to our stuffed animals. Now, the interactive stuffed animals pose a serious security threat \u2013 are you at risk? This short video shows a CloudPet Unicorn being hacked to shout Dalek &hellip; <a href=\"https:\/\/www.shipndestroy.com\/blog\/toy-cybersecurity-what-you-need-to-know\/\">More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-68","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/posts\/68","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":1,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"predecessor-version":[{"id":69,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/posts\/68\/revisions\/69"}],"wp:attachment":[{"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shipndestroy.com\/blog\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}