US Senator snaps on glove, probes insecure IoT toymaker CloudPets

'Will we do this the easy way, or will we do it the hard way?'


Spiral Toys, maker of the insecure Bluetooth-connected stuffed animals dubbed CloudPets, is being grilled for information by a US Senator.

On Tuesday, Bill Nelson (D-FL), ranking member of the Senate's Committee on Commerce, Science and Transportation, sent Spiral ten questions demanding answers about the security of its voice-messaging cuddly toys.

CloudPets was earlier caught running an unsecured MongoDB installation, completely open to the world. That exposed hundreds of thousands of user account records – including email addresses and easily crackable hashed passwords – along with links to as many as two million voice recordings children and parents had sent each other via the toys and their iOS and Android app.

Within a day, it also emerged that the toys' microphones could be accessed by nearby snoops, via Spiral's poorly secured implementation of the Web Bluetooth API.

Nelson wants Spiral to explain its database leak in step-by-step detail, whether there's any identity theft protection in place, and what control people have over data collected by their CloudPets.

He also wants to know whether the Children's Online Privacy Protection Act applies to Spiral Toys' operation, details about its data collection and who data is shared with, whether any other breaches have happened in the past two years, whether consumers have the chance to delete their data, and more.

The letter came to light via Microsoft MVP Troy Hunt, who investigated the MongoDB leak.

The letter may reveal some actually useful information from California-based Spiral Toys. The biz sent a disingenuous statement to journalists in February. Back then it wrongly claimed the user data was “password encrypted,” and that it was only a staging server that was compromised (it just happened to hold 500,000-plus production records). ®
