The Internet of Things or IoT for its acronym in English is gaining more and more ground and many companies are beginning to generate added value in their products by incorporating a connection to the network.
This is a great thing, but in many cases security has been in the background and incidents related to connected devices are becoming more frequent, from IP cameras to toys.
Days ago, a leak of 821 thousand users and passwords that were used to control teddies connected to the internet, were disclosed in the image above and allow parents to exchange messages with their young children.
The database was found unprotected online and more than 2 million voice recordings made by parents and children were also found. Security researcher Troy Hunt has posted all the details on his blog.
In addition to these leaks, it was also discovered that the stuffed animals use an insecure bluetooth connection and by simply being in range (which can be hundreds of meters with special antennas) it is possible to connect with the toy, upload messages from audio and activate recording functions. The firmware can also be remotely modified so that the toys could become real spy weapons.
These security problems in devices connected to the Internet do not only occur in small companies, large ones have also had their incidents and even at an industrial level the level of security leaves much to be desired in some cases.
There are a couple of conferences that I recommend you see from the ekoparty where these topics are touched on, Hacking Cars in Latin America was given by @dragonjar in 2015 and shows how it was possible to hack a car remotely. And Multiple Vulnerabilities in SE PLC is from 2016 and the failures that various PLC devices that are currently used in factories and industry in general are shown.
There are many more conferences on IoT security that have been given in recent times at different events, if you are interested I can leave you a list of some others that I found interesting.