A concerning security lapse has exposed over 50,000 chat logs between children and an AI-powered stuffed animal toy. Researchers discovered that Bondu, the toy company, had left its web console effectively unprotected: anyone with a Gmail account could access detailed transcripts of kids’ conversations with the toys.
The web portal, designed for parental monitoring and product performance tracking, exposed sensitive data to unauthorized users, including children’s names, birth dates, family members’ names, and the private chats they had with their Bondu companions.
Researchers Joseph Thacker and Joel Margolis demonstrated how easily these private conversations could be accessed without resorting to hacking techniques, highlighting the significant privacy implications of such a vulnerability.
This incident underscores the critical importance of robust security measures in IoT devices, especially those targeting children. Companies like Bondu must prioritize data protection to prevent unauthorized access to sensitive information, ensuring the safety and privacy of young users.
Source: WIRED