Smart Toy Flaws: Why Your Child Could be the Next Hacking Victim

Media Division | March 29, 2017

These days, we are connecting a wide variety of different systems, infrastructure, and items to the internet.  This has provided a whole new realm of convenience and ability, but it has also brought the concerns of cyber security in a variety of areas where it was never before an issue.  Nowadays, even kid’s toys are being connected to the internet, which allows for a large amount of cool and unique features to be implemented into them.  But, unfortunately, from what has been displayed so far, the cyber security of these toys has been less than ideal.

Instances of Kid’s Toy Breaches

Implementing cyber security into kid’s toys may seem a bit strange, as it may raise the question: why would anyone hack a kid’s toy?  And while it can seem weird, as it may be uncertain as to what they would gain, there are various reasons that a hacker may delve into this area.  In fact, it has already been displayed in the hacking of a popular toy.  There was a recent breach of an internet connected toy called CloudPets.  These were stuffed animals that had the ability to record voice messages, which could then be listened to on another CloudPet, which was a fun way for kids and parents to stay connected.  But the database that had held the voice messages of kids and their parents had been left in a vulnerable state, and it did not even require a password to access it.  It had also appeared that hackers had deleted the database and held it for ransom a couple times. A researcher had discovered this and sent several emails to Spiral Toys (the company that created CloudPets) in attempts to alert them, but received no reply.  Later on, the company released a statement saying, “Spiral Toys was notified about a potential breach on February 22 and took immediate and swift action to protect the privacy of our customers,” the company said in its statement. “[W]e carried out an internal investigation and immediately invalidated all current customer passwords to ensure that no information could be accessed.” They had also said that they did not believe that the voice recordings of users had been compromised.  This is a large example of a security breach that could have been easily avoided, had the company actually secured their database in the first place.

There are several other examples of vulnerabilities in kid’s toys, including, a connected doll called My Friend Cayla, the talking Hello Barbie doll, Fisher-Price Smart Toy, and Vtech’s Learning Lodge app.  A hacker can have a multitude of different intentions when performing an attack, and it could even be to simply be malicious, or just because there was a vulnerability there to be exposed.  Whatever the case, manufacturers of kid’s toys need to begin putting attention and focus on implementing proper cyber security from development onward.  Negligence or a lackadaisical attitude in regard to cyber security is unacceptable in our age of technology.

Protecting An Organization from Security Breaches

Cyber attacks and breaches are more common than they have ever been.  With the massive amount of devices connected to the internet, attackers have more opportunities and vectors available to them.  This is why organizations and manufacturers need to provide comprehensive security in all potential directions of attack.  A single security breach can cause a wide array of damages, such as money and data loss, and reputational and trust damage.  Cyber security is an area which must have particular focus when creating, distributing, and using connected devices.  Massive Alliance provides a large selection of comprehensive cyber security services that can help an organization to prevent security breaches.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.