Skip to main content
Internet Security

The Internet of Things: Teddy Bear Edition

By Joe Gervais, a NortonLifeLock employee

Soft and sweet, but not very secure. That’s how you might describe the CloudPets “smart” teddy bear after news of yet another Internet of Things snafu. This one follows the February 2017 story about a potentially eavesdropping doll in Germany.

In February 2017, the tech and science news website Motherboard reported that Spiral Toys, a company that sells CloudPets internet-connected stuffed animals, left customer credentials and voice recordings exposed online for others to see and hear. The incident involved 800,000 user accounts and 2 million voice recordings.

Your attention, please

National Cybersecurity Alliance (NCSA) Executive Director Michael Kaiser said the CloudPets breach illustrates the need to pay close attention to the data collected by connected toys, appliances, and cars as they become increasingly incorporated into our daily digital lives.

What is an internet-connected stuffed animal? It’s a child’s toy that plays back messages recorded on a smartphone app. The idea is for family members to record messages on their phones to be sent via the internet to the stuffed animal for the child to hear. The child can also record messages on the toy for others to hear remotely.

Got that?

Motherboard reported that fromChristmas 2016 through early January 2017 Spiral Toys left customer data of its CloudPets brand on a database that wasn’t behind a firewall or password-protected.

Got any tips?

The NCSA offers tips as you consider adding IoT devices to your life, including:

  • Learn how to maintain the cybersecurity of your IoT devices: Protecting smart devices like wearables, toys, and connected appliances might be different than securing your computer or smartphone.
  • Own your online presence: Understand what information your devices collect and how it’s managed and stored.
  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.
  • Pay attention to the Wi-Fi router in your home: Use a strong password to protect the device, keep it up to date and name it in a way that won’t let people know it’s in your house.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Start your protection,
enroll in minutes.