Whoops: ‘AI’ Toy Company Leaks Chat Logs, Personal Data Of 50,000 Toddlers
from the monetizing-imaginary-friends dept
My biggest complaints with AI tend to be with the human beings who are rushing language learning models into mass adoption without doing their basic due diligence. Like AI toy maker Bondu, the creator of “AI” enabled stuffed animals, which recently left the stored chat logs children have with their polyester-filled automated friends openly available online to anybody with a Gmail account:
“[security researcher Joel Margolis] made a startling discovery: Bondu’s web-based portal, intended to allow parents to check on their children’s conversations and for Bondu’s staff to monitor the products’ use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu’s child users have ever had with the toy.”
At this point there’s just no excuse for this sort of thing. We’ve been writing for more than a decade about how most “smart,” internet-connected toys were being rushed to market without adequate privacy and security safeguards, creating OpSec risks for kids before they’ve even been adequately potty trained.
Now, as we’ve done in sectors like health insurance and journalism, we’ve slathered half-cooked language learning models all over existing dysfunction we refused to address, called it innovation, and then ignored the fact we’ve introduced entirely new problems.
In this case, the exposed data included kids’ names, birth dates, family member names, and even the detailed summaries and transcripts of every previous chat between the child and their Bondu stuffed animals.
On the plus side, once alerted, the company quickly fixed the issue in a matter of minutes. And when asked by journalists about it, didn’t try to lie about the problem (a low bar, but still):
“When WIRED reached out to the company, Bondu CEO Fateen Anam Rafid wrote in a statement that security fixes for the problem ‘were completed within hours, followed by a broader security review and the implementation of additional preventative measures for all users.’ He added that Bondu ‘found no evidence of access beyond the researchers involved.’”
If hackers are clever they don’t leave many footprints, so that last bit might not be worth much.
One recent survey found that 84 percent of Americans want tougher privacy laws. But corruption has ensured that the country still lacks even baseline internet-era privacy protections. The powers that be have decided, repeatedly, to prioritize mass commercialized surveillance over public safety, and it’s only a matter of time before those chickens come home to roost in ways we can’t even begin to consider.


Comments on “Whoops: ‘AI’ Toy Company Leaks Chat Logs, Personal Data Of 50,000 Toddlers”
“If hackers are clever they don’t leave many footprints, so that last bit might not be worth much.”
It’s worth nothing. The reason that they’ve found no evidence is that they have nothing in place to accumulate any such evidence, and the reason for that is that they’re sloppy, lazy, and cheap — the same reason why this problem exists in the first place.
Personally I think those parents should lose their kids and any ability to have kids in the future.
Upwards of 100,000 people dumb enough to buy AI chat toys for babies.
And if people don’t want this, maybe stop voting for the same pos politicians.
IOT
I have always been told that the “S” in IOT stands for security.
Re:
And the “D” is silent.
Re:
And the “F” for Fixable.
Particularly as they didn’t say whether, or how hard, they looked for such evidence.
Re:
When you have already been proven your judgment and word cannot be trusted, you don’t get the benefit of the doubt when you say “Trust me bro, this was the only time”
Yeah, OK, but I bet those conversations are cute af.
None of you were listening to that argument regarding Hillary’s completely unsecured email server.
Re:
Thank you for once again proving that a goldfish has better memory than you.
https://www.bestnettech.com/2015/03/04/how-hillary-clinton-exposed-her-emails-to-foreign-spies-order-to-hide-them-american-public/
Re:
I love these blanket straw men. They’re so useless and vapid.
“I’m going to pretend to know something about a bunch of random people and draw conclusions from that daydream and therefore I’m smarter than everyone else here.”
Except of course, beyond the stupidity of such an assumption and assertion, there’s Rocky’s point above that makes it even funnier.
If you’re just making shit up to make yourself feel better, why aren’t you giving yourself superpowers to fly or something that might be interesting?
If it weren't for Smart(?) People
We wouldn’t have all these Smart devices.
This is what you get from that AI you gush over like a cult follower.
Re:
Do you think every BestNetTech writer is the same person? OR do you just not look at the byline?
What the actual fuck?!!
Parents listening to their kids’ conversations without letting them know = spies, spying on their own kids.
Never do this type of thing to kids.
Re:
I thought it was the company listening in – No reason baby-produced content can’t be used to train AI!
I went back and read it again. Good grief. Those poor kids. The helicopter is already going full steam.
“We asked the toy if the security holes were fixed. It confirmed all security holes were fixed.”
-some reporter somewhere
“found no evidence of access beyond the researchers involved.”
Well you also thought your product & backend were secure so maybe farm that review out to a security firm.