CloudPets Nightmare Part 2: Toys Can Be Hacked via Bluetooth

[Bot]

The CloudPets nightmare seems to have no ending and, even worse, take on new shapes. After it was revealed that it leaked hundreds of thousands of user recordings and credentials, it now seems that its Bluetooth Web API is not really safe against remote exploitation.

So what does this mean for those cute little plushies? Well, these toys allow a webpage to connect to the toy via Bluetooth without any authentication, giving it the power to control the gadget and record from the CloudPet's microphone. This feature can be used to play sounds through it.

Here comes the nightmare part: the insecure implementation of this API can permit attackers to snoop on families from outside their house. Everything they need to do is open a phone, a webpage, pair it to the nearby toy and listen in.

Researchers from Context Information Security ... (read more)

Read more: CloudPets Nightmare Part 2: Toys Can Be Hacked via Bluetooth

 

[Winter Soldier]

The greatest threat to the safety of the children is that...they are children!

We have reached a stage in the evolution of the technology where consumers can buy and use sophisticated products, including toys, that are not seen as a computer.
It is not easy to help the children to understand the technology, so that they are better equipped to think about the risks to their safety. But, as parents, we need to understand how something works because it is the best way to understand its weaknesses.

Don't let this happen to you and your family. Point instead to know the risks, understand the technology being informed on the new generation of toys connected to it.