Cybersecurity: connected toys increasingly dangerous

An IoT toy would jeopardize the privacy and safety of children and families. The teddy bear was allegedly hacked and messages ended up in the deep web

Can a cuddly teddy bear piece turn into one of the worst nightmares for children's safety? The answer is yes, if the toy in question is connected to the Internet. We're talking about CloudPets, from the company Spiral Toys, a simple plush IoT toy that allowed messages to be sent between adults and children. Too bad it was hacked.

Developers made an Internet of Things teddy bear with no protection against the data that babies and adults exchanged through the toy. Every message exchanged was saved on a database that wasn't password-protected, or protected by very weak security keys for that matter. It was child's play for the hackers to find all the data, using the famous Shodan search engine. The same one used by cyber criminals to find all vulnerable smart and connected objects. Result? The hackers carried out a ransomware attack blocking the messages of the little ones and threatening to publish them on the Net if the victims didn't pay the ransom.

Numbers and dangers

According to the first calculations there are about eight hundred thousand data, passwords and messages stolen by the hackers from the smart bear. These are mostly messages and voice notes of children. All in a very short time, from Christmas to today. According to several computer security experts every data transmitted through this "smart" teddy bear can now be available in the deep web and can be used by cyber criminals to generate a ransomware attack.

Smart toys goodbye?

All it takes is one little mistake by the manufacturer and every one of your voice messages or information about your family, exchanged with a simple teddy bear, can end up on the Net. In front of everyone's eyes. Someone wonders what could push people in the future to buy "smart" toys more expensive than classic games and much more insecure. Meanwhile Spiral Toys after the scandal is close to bankruptcy, in Germany the government itself has banned the soft toy. Security experts attack the manufacturer because once it became aware of the flaw in its system it did nothing to avoid the worst and did not warn consumers. Inoltre ha permesso alle persone di registrarsi con il giocatolo usando password troppo facili da decifrare, come 123 o qwe.

Come difendersi dagli attacchi hacker

Cliccando sui link che seguono, invece, potrete scoprire  suggerimenti, alcuni più tecnici altri più alla portata di tutti, riguardanti la sicurezza informatica e scoprire le tipologie di attacchi più comuni: dagli attacchi DDoS al phishing, passando per le botnet.

  • Dai cyber terroristi ai White hat hacker, ecco chi sono e cosa fanno
  • Proteggere la privacy e dati personali, i consigli dell’esperto
  • Sei consigli per mettere al sicuro la vostra piccola o media impresa
  • Dieci consigli per non cadere nella trappola di una e-mail phishing
  • Come proteggere la tua mail con Password Sicura: cos’è e come funziona
  • Salvarsi dagli hacker: 5 errori da non commettere
  • Allarme virus, trojan e ransomware, la guida per difendersi
  • Cosa sono i ransomware e come si diffonde il contagio
  • Pericolo ransomware: come difendersi con buone pratiche e antivirus
  • Dilemma ransomware: è possibile fermare il "virus del riscatto"?
  • Attacco ransomware: piccole e medie imprese in pericolo
  • Cosa sono gli attacchi DDoS, come nascono e come difendersi
  • Cos’è il phishing? Una pericolosa truffa: ecco come non abboccare
  • Privacy online: ecco come salvaguardare i nostri dati personali
  • Come creare una password forte per proteggere l’identità online
  • Addio ai furti di password, ecco la verifica in due passaggi
  • I migliori password manager per mettere al sicuro i propri dati