Amazon and eBay are some of the retailers that are pulling out from sale a brand of cuddly smart toys after cautions that they may be posing a cyber-security threat. The said concerns were voiced by CloudPets Products last year (February 2017) after the realization that there was unprotected online storage of millions of owners’ voice recordings. Some manufacturers such as Spiral Toys asserted to have taken swift action on the issue but vulnerabilities were later discovered through a research initiated by Mozilla.
Angela Sasse, a human-centered technology professor at University College London argues that declining to sell items that threaten the privacy and security of customers is the only way of making the designers and manufacturers more cautious about the risks that these products pose to the consumers. Angela also indicates that it is not right for the manufacturers to wait till there is exposure of the vulnerabilities by concerned parties such as Mozilla.
Some of the questionable toys include those by CloudPets which include soft animal toys that feature a microphone and a speaker. They thus allow kids to record messages and even play back the voice recordings of relatives and nets which are also uploaded on the internet through an app connected to Bluetooth. Other manufacturers like Spiral Pets addressed the recording issue but Troy Hunt, a security researcher reveals that they only addressed the matter after being contacted four times on the same. Troy added that the data had been accessed severally by unauthorized persons and individuals had even been held at ransom before resolving the matter.
A London-based company – Context Information Security also discovered a flaw with the same toys. They realized that hackers could generate their recordings in a bid to spy on owners. The company also reported that anyone could connect to the toy for as long as it was switched on and not connected to any device. The discovery emanates from the fact that Bluetooth has a range of about 33 ft to 98 ft making it possible for anyone standing outside a home to connect to the toy, upload audio recordings and even receive audio from the microphone.
The research findings by Mozilla on the toys were presented to a digital rights group known as the Electronic Frontier Foundation which then sent a letter to the American retailers selling the items. The letter urged the manufacturers to implement the use of new or improved systems to ensure that the products they stock particularly those that collect children information have specific security systems. Companies like Amazon have eliminated these toys in their American stores but they still appear on the UK site.