I’ve always imagined a lot of cool, futuristic, technology scenarios, but I never imagined a day where attackers would hold the data from our Smart teddy bears ransom.
According to researchers, the company that makes CloudPets stored data from its 800 thousand customers in a wide-open MongoDB database, which both attackers and researchers have gotten their hands on. Besides containing hashed passwords, the database also had links to millions of messages parents left to kids on these Smart plush toys. Watch today’s video to learn more about this unusual IoT vulnerability.
As a bonus, also check out WatchGuard’s Ransombear video. While this attack was not a case of ransomware, I couldn’t ignore the similarities between teddy bears and ransom.
Episode Runtime: 3:57
Direct YouTube Link: https://www.youtube.com/watch?v=JgwwjhBZdpA
EPISODE REFERENCES:
- Attackers hold Smart Teddy Bears ransom – MotherBoard
- Password data breach researcher warns of leaked smart toy database – TroyHunt
- UPDATE: Researcher shows how to remotely spy on affected Smart toys – MotherBoard
- Watch the Ransombear video and get the survival kit – WatchGuard
Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply