The innovation of Internet of Things is considered as a beginning of the technology revolution. It helped us – connecting billions of smart devices, showing us a real-time data and much more…the ultimate goal for providing a better future. Many users have adopted IoT devices in their daily lives rapidly, without understanding the implications of how their data is being used.
Last month, the Germany had banned an internet connected doll called “Cayla” over a fear of hackers could target this toy for launching suspicious activities through it. The Cayla toy was designed in such a way that, it can interact with the children by answering their questions. It was released in 2014 and was functioned to answer by searching the answer on google via voice recognition software. This should have been a wake-up call for IoT users, but evidently, it hasn’t stopped the flood of internet-connected toys.
The recent Teddy Bear security breach where more than two million voice recordings of children and their parent were exposed, along with over 800,000 user account credentials. The toy making company CloudPets had experienced the data leak in February, where the attackers hacked into their database, extracted the voice recordings and made it available on the Shodan (Shodan is a search engine for discovering internet connected devices). The attacker who leaked these credentials demanded the ransom of one BTC ($1190) to parents in the exchange of voice recordings.
The attacker was able to access the user credentials so easily because of the weak password decryption algorithm with most common passwords (ex. “qwerty”, “password”, “123456”, “a”, etc.) stored in the company’s MongoDB database. The company was allegedly notified four times that its customer data was online and available for anyone, but the data remained up for almost a week and was stolen by many for demanding a ransom to parents for their voice recordings.
We had already discussed in our previous article that even a single refrigerator could easily infect your company resources, and not just that, the attackers are now finding many different and complex ways to infect any available internet-connected resources and use them for launching cyber attacks. This exactly explains the negative side of the IoT evolution.
Experts predict that there will be as many as 50 billions internet-connected devices around the world by 2020, or about 5 smart devices per person. Considering the fact that the attackers are now more active than ever, people should learn how to protect their own resources and prevent against these kinds of continuously-lurking cyber threats.
This Teddy Bear incident was an another learning for IoT users. So, if you find any unusual behaviour or any suspicious activity happening with your online account, you should immediately change your password. You are also advised to continuously update your passwords and try complex combinations to prevent against any future security threats.