logo
logo

Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB

avatar
Michael Nicewander
img

Essentially, the $40 cuddly CloudPets feature builtin microphones and speakers, and connect to the internet via an iOS or Android app on a nearby smartphone or tablet.

Families can use the fake animals to exchange voice messages between their children, friends, and relatives.

For example, a parent away on a work trip can open the CloudPets app on their smartphone, record an audio message, and beam it to their kid's toy via a tablet within Bluetooth range of the gizmo at home; the recording plays when the tyke press a button on the animal's paw.

Similarly, the youngsters can record messages using the stuffed creature, and send the audio over to their mom, dad, grandparent, and so on, via the internet-connected app.

These voice clips, along with records of 820,000 CloudPets.com accounts associated with the each of the toys, have been left wide open on the internet, with no password protection – allowing gigabytes of sensitive material to potentially fall into the hands of criminals.

And it's all due to a poorly secured NoSQL database holding 10GB of internal information.

collect
0
avatar
Michael Nicewander
guide
Zupyak is the world’s largest content marketing community, with over 300 000 members and 3 million articles. Explore and get your content discovered.