Smart Toy Security Breach -8

Artificial Intelligence is becoming more prevalent in consumer goods, and has made it way into the world of toys as well. Many toy manufacturers are beginning to incorporate AI into their products and although these products are capable of performing many fascinating things they don’t come without drawbacks. Many Toys that utilize AI need to be connected to internet and they also collect large amounts of personal data from their users which creates some privacy and security concerns. A recent article from , CNN Tech writer Selena Larson demonstrates some of the potential security and privacy concerns. Selena discussed CloudPets, a new line of AI Toys, that had their database hacked, and as a result millions of voice recordings from kids and parents were leaked. CloudPets was subject to a security vulnerability which allowed anyone to view data stored by the CloudPets toys, which included personal information, photos, and voice recordings. Article explains that at one point hackers even tried to hold the data for ransom. In total, 820,000 user accounts were exposed and 2.2 million voice recordings were leaked. CloudPets toys connect to a smartphone app that allows parents and loved ones send messages to their children played through the stuffed animals. The toys offers a fun and exciting experience for parents and children but also require, large amounts of personal information, for example when you create an account with CloudPets, you give it your child’s name, email address and photo. After the hack investigators found, kids’ information was stored in an insecure database that didn’t require authentication to access it and said it was like to not having a password for your email. What makes this situation even scarier is that the failed to inform the users of data breach. It was only after concerned users contacted an independ internet security investigator that the data breach was made public. Investigators suggest that CloudPets, and its maker Spiral Toys, based in California, are in violation of the state law which requires companies to notify users if their information was exposed online. Both Spiral Toys and its CloudPets division have engaged in strange behavior regarding the reporting of the breach. First of experience strange behavior on their accounts users email CloudPets with their concerns and emails went unanswered. Next, security investigator, attempted to contact CloudPets and they also received no response. At that point the sensory investigators decided to go public with concerns and Lorenzo Franceschi-Bicchierai writter fot the tech publication Mortherboard. Franceschi-Bicchierai attempts to contact CloudPets were unsuccessful. Finally the investigators were able to team up with CNN Tech  which was able to make contact with parent company of CloudPets, Spiral Toys which said that The company said no messages or images were compromised. Currently the situation is still ongoing. I think the situation with CloudPets is an example of why people should be proactive with security and privacy it comes to their personal information. Companies may not follow proper security protocol and at the moment there are not many laws to protect of personal data. As AI technology becomes more and more popular in toys, I think it is important for users to be aware of the security and privacy issues because they involve children lives. This topic brings up interesting questions about who is responsible for the protecting the data; is it the users, the manufactures, or the government?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s