Internet-Connected Teddy Bear Leaked 2 Million Recordings of Parents and Kids

Lorenzo Franceschi-Bicchierai, reporting for Motherboard:

A company that sells “smart” teddy bears leaked 800,000 user account credentials — and then hackers locked it and held it for ransom.

A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen. […]

As we’ve seen time and time again in the last couple of years, so-called “smart” devices connected to the internet — what is popularly known as the Internet of Things or IoT — are often left insecure or are easily hackable, and often leak sensitive data. There will be a time when IoT developers and manufacturers learn the lesson and make secure by default devices, but that time hasn’t come yet. So if you are a parent who doesn’t want your loving messages with your kids leaked online, you might want to buy a good old fashioned teddy bear that doesn’t connect to a remote, insecure server.

Of course, anyone who isn’t a computer security expert has no hope of being able to determine whether any particular internet-connected device is actually secure. And even security experts can’t be sure. If you’re going to use an internet-connected device, you have to trust the company who made it.

See also: This story from October, about HomeKit’s stringent security requirements.

Monday, 27 February 2017