Retailers drop CloudPets smart toys over cyber-security concerns
A range of smart, connected cuddly toys have been removed from sale by some retailers after warnings from cyber-security experts of vulnerabilities in the toys.
Concerns were first raised about CloudPets last year when security researcher Troy Hunt discovered voice recordings captured by the toys were being stored online unprotected.
Manufacturer Spiral Toys said it had taken “swift action” at the time, however subsequent further research by Mozilla and German firm Cure53 found issues still existed – prompting the Electronic Frontier Foundation (EFF) to write an open letter to retailers expressing concerns that the toys were still on sale.
Now, the products have disappeared from Amazon in the US and UK, while US retailers Walmart and Target have also stopped selling them.
“We understand that connected devices can be complex and that sometimes, mistakes happen,” the EFF’s letter said.
“However the issues with the CloudPets toy demonstrate a track record of failing to protect consumers. Despite the fact that security risks have been known publicly for over a year and that technical solutions are available, Spiral Toys has not rectified these problems.
“What CloudPets demonstrates is the potential privacy risks that even a toy with limited connectivity can pose. More importantly, it also shows how these toys are entry points for companies to generate a consumer base from children for other digital products in the future. That’s why it’s so critical that privacy and security be at the forefront of makers’ minds.”
CloudPets’ manufacturer Spiral Toys has not commented on the incident.