Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Smart Devices Put Privacy at Risk
IoT Risks Are Worrisome, with Hacked Toys and Privacy in Harm's Way
IoT Risks Are Worrisome, with Hacked Toys and Privacy in Harm's Way
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
A database containing account information used by children’s stuffed toys has been hacked, exposing the personal details of hundreds of thousands of parents and their children.

The latest security debacle comes courtesy of toys called CloudPets. Marketed as “the message you can hug,” the Bluetooth-enabled stuffed animals are connected to a cloud server, allowing parents and children to record and transmit voice messages through the toys.

However, those messages were being stored in an unsecured MongoDB database that could be indexed using the Shodan Internet of Things search engine, making it easy for hackers to download the database that contained as many as 820,000 email addresses, passwords and more than 2 million associated voice messages, according to reports.

Breaking the Cardinal Rule

Security blogger and researcher Troy Hunt wrote about his discovery of the leaked data on his Web site. “People found the exposed database online,” Hunt said. “Many people and the worrying thing is, it's highly unlikely anyone knows quite how many.”

The database in question seems to include both staging and testing environments. What's unusual is that both environments face the public Web despite containing real customer data, breaking the cardinal rule of never putting production data into a non-production system, Hunt said.

“It also potentially exposes the production system (and production customer data) to developers building the software (another cardinal rule broken), but at this stage when it's entirely open to the Internet anyway, that would be the least of their worries," he said. "The point is, what's disclosed . . . suggests the problems go deeper than data exposure alone.”

Big Sister Is Watching You

But CloudPets aren't the only new devices on the market giving heartburn to security and privacy experts. Amazon’s personal assistant, Alexa, could be used to spy on consumers for the police.

At least, a prosecutor in Arkansas is hoping that will be the case. The Benton County prosecuting attorney has demanded that Amazon hand over voice recordings of an Echo device using the Alexa AI (artificial intelligence) owned by a man who is a suspect in a murder case.

The Alexa assistant is voice activated, and it's always listening. When a user speaks a keyword, the Echo device records all the audio that follows and sends it to Amazon’s servers, where an analysis of the recording is performed.

The Arkansas prosecutor is demanding that the company hand over the audio files the Echo recorded the night of the alleged murder. Amazon has so far resisted the demands, calling them overbroad and inappropriate.

Still, as more devices become connected to the Internet and store more customer data remotely, the risk that even your speakers and your children's favorite toys could be used against you is becoming very real.

Image credit: iStock/Artist's concept.

Tell Us What You Think


Peter Montgomery:
Posted: 2017-03-01 @ 11:25am PT
George Orwell's predictions were about 30 years premature but he was pretty close to the mark. But it is not because of governments but commerce, and not by government policies but human folly. We have connected ourselves to "Big Brother" and invited him into our lives!

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.