Who’s Listening: A Kid-Friendly Cyber Threat

By: Katherine Escalante*| Staff Writer

 https://pixabay.com/en/binary-black-cyber-data-digits-2170630/

At its core, CloudPets’s new toy brings a personal touch to a stuffed animal. A parent can send a recorded message through an app, which transmits through the stuffed animal, allowing your loved one to hear your voice.  However, this personal touch may come at the cost of your personal information, passwords, and access to your voice.  Like other toys that connect to the internet, this toy stores all that information in the cloud.  With scammers developing new ways of attaining personal information, this purchase is surely something parents will have to think about twice before buying.

Concerns arose when a report pointed out the data on the server was left completely exposed.  Not only was there a breach, but one of the tipsters tried to contact CloudPets without success.  Following this revelation, Motherboard, a tech site, revealed that the stuffed animals could easily be hacked and turned into spy devices.  Shodan, a search engine that is used to find unprotected websites and servers, found and inspected the data.  The exposed data is said to have included roughly 800,000 user account credentials.  These credentials included emails and passwords, with the weak passwords being an easy target.  A major security concern is CloudPets’s lack of responsiveness with regard to the reports.

 https://pixabay.com/en/binary-black-cyber-data-digits-2170630/

Another key issue is the timing of CloudPets’s security hacks.  These concerns associated with CloudPets stirred only a few weeks after headlines that Germany banned an internet-connected doll called “Cayla” over the fear that hackers could target children.  The growing unease is due to the ways in which the technology could be exploited by hackers to target children or to eavesdrop on conversations.  With many people using nicknames or commonly used words as passwords, this new technology poses an even bigger threat.  After roughly 2 million recordings were leaked, the likelihood that commonly used words will be detected is very likely.

Ultimately, this company is offering a service and with that service there is an expectation that the data being transmitted will be adequately protected.  There are far too many issues with accidental recordings or a frequently used word that could be used as a password.  The risk is not worth the added touch of recording a personal message, especially when there are other means of recording a personal message on a stuffed animal that will not leave consumers exposed to cyber security threats.  For now, consumers are better off making a phone call than using a stuffed animal to leave a loved one a message.

Katherine Escalante is a second-year law student at Wake Forest University School of Law.  She holds a Bachelors of Arts in International Relations and Global Studies.  She is currently a staff blogger for the Journal of Business & Intellectual Property Law at Wake Forest University. Upon graduation, she intends to pursue a career in Intellectual Property Law.