If your children have toys that can talk and connect to the internet, you may want to rethink having them in your home. Recent data has shown that these toys have leaked children's voice messages and parent's private information to total strangers.
The most recent cautionary tale comes from CloudPets, a company that makes stuffed animals that can talk to your kid. The toys pair with the CloudPets app, which allow kids access to "an ever-expanding collection of fun and games" and let the stuffed animals pass messages between kids and their parents, according to Fortune.
For around $25, you can get a toy that allows you to communicate with your children while you're away. For example, if Mom or Dad is on a business trip, they can use the app to record a message that then can be played by the stuffed animal. The child can send a message back by squeezing the toy's arm to record. It's an adorable idea, but unfortunately, it may come at a huge privacy risk.
Researcher Troy Hunt has detailed exactly how these and other toys have been leaking data and exposing children's voice messages online. Essentially, it comes down to the same way any data can be leaked on the internet: hackers. And in the particular case of CloudPets, Hunt and his security researchers revealed that the app is faulty in that it relies on a Romanian company "whose website contains huge security holes."
This essentially makes it a really easy task for any hacker to steal all of CloudPets' customer records, exposing parent's private email addresses and the recordings of what their children have said to the toys. Hunt's examples explain how he was able to hear a little girl singing and also saying, "Hello mommy and daddy, I love you so much."
What's even more terrifying for parents is that this is not the first (nor probably the last) story concerning internet-connected toys and dolls. Troubling news in December came out when a privacy group filed a complaint with the Federal Trade Commission about the My Friend Cayla doll. Apparently, the maker of the doll has been reportedly recording children's conversations and storing them on a server to use in product testing.
In fact, the Cayla doll has caused such concern in Germany that the German government has now advised parents to destroy the doll. The line between privacy and surveillance has obviously been crossed, and parents should take caution when considering similar toys for their tots.
The latest reports are not without their doubters, however.
Comedian Jimmy Kimmel has released a video in which he pokes fun at the CloudPets leak, as shown below.
In his trademark sarcastic tone, the "Jimmy Kimmel Live" host said he found the story very alarming, especially since more than 800,000 accounts were vulnerable to have personal information, photos and recordings of children's voices leaked.
"Who could have guessed giving a kid a stuff animal with a microphone connected to the internet in it had the potential to go wrong?" he asked his audience.
The satirical ad shows hackers with Eastern European accents communicating with children who are playing with their CloudPets toys, asking for Mommy's social security number and to reveal Daddy's secrets.
Although the fake commercial may be hysterical, it also points to a bigger problem: Security lapses in these types of toys are not uncommon or surprising. At the end of the day, these companies are making toys, not creating secure internet services.
For now, parents may want to exercise caution when considering internet-connected toys because, as the Jimmy Kimmel commercial says, "CloudPets, because you are never safe."