The last thing anyone wants to add to any security systems Bunbury are open holes and flaws waiting to be exploited, which is why Amazon’s online stores are pulling its CloudPets product line, after researchers have pointed out that the ‘smart’ toys were full with security flaws.
Fellow tech company, Mozilla, contacted Amazon early in June to alert them of research which pointed out the security flaws found on CloudPets, which was then followed by Walmart and Target removing the products from their catalogues, ahead of Amazon.
According to Mozilla’s VP of Advocacy, Ashley Boyd, in an age where data leaks are becoming more and more commonplace, and products with security flaws like CloudPets are still out on the market, ready to compromise security systems Bunbury and across the world, has made him worry about the security and privacy of his kids.
CloudPets are stuffed bears that allow parents and kids to make audio recordings for each other via a microphone installed in the toys. An app on the parent’s phone then allows messages recorded via the bear to be remotely accessed by the parent. They can then opt to respond by recording a message via their connect phone, which is then sent over to the bear.
Recordings made via CloudPets or the associated app then goes through the internet and are converted into audio files for storage by toy company Spiral Toys. Back in 2017, hackers were able to penetrate their database, making off with the email addresses, passwords and recordings from children, which have been held to ransom at least twice now, with more than 800,000 people affected by the intrusion.
The vulnerabilities was discovered by Mozilla and Cure53, a cybersecurity research firm, after they tested the system following the first breach in 2017.
The joint effort discovered that the Bluetooth vulnerabilities that led to the original breach was still open, on top of the mobile app’s connected site, ‘mycloudpets.com/tour’, was up for grabs and could be easily accessed by malicious parties. The third vulnerability noted in the toys was that there were no security checks to stop criminals from installing firmware in the toy, which would allow them to hijack it with little issue.