I assume they were stored there to make sure that only authorized persons were allowed to access a given teddy bear and so people could connect to a given teddy bear without having to pay for a static IP address.
Pardon my digression, but I do not recall why Talking Tina did not like Telly Savalas, and how she whacked him. Was it she he tripped over on the stairs?
Yes, he tripped over the doll and fell down the stairs.
If I recall correctly, she was reacting to his dislike of her.
And it’s been theorized that he didn’t like her because
he didn’t like the child who loved her (his stepdaughter).
I have no idea if that was the case.
Telly Savalas was hostile and mean to his stepdaughter Christie because he resented her because couldn’t have children of his own. When her mother bought her the doll, he complained that it was too expensive.
Christie is delighted with the doll, and it says “I love you” to her. When Savalas tries it when he’s alone with the doll, it says “I don’t like you very much.” Things escalate from there.
At first he is convinced that his wife is playing a joke on him through a hidden mike. Then he tries to throw the doll out or destroy it, unsuccessfully. It finally tells him it’s going to kill him.
He dies when he trips on it on the stairs.
Thanks!
According to the tech sites, the whole database has been wide open forever, has been compromised a number of times by criminals, and yes, you could deliver ransom notes like that by inserting them into the database.
I think Harry Harrison’s “I Always Do What Teddy Says” is must reading for this thread, especially in this era.
But it is the database, not the devices themselves, I believe.
I wonder how many of the “Internet of Things” allow access to the user’s home network.
Here’s article from The Register explaining and demonstrating how an attacker can take over the toy. The first link in the artile goes to the story about their database breaches.
There is also this BBC video showing how a Cayla doll can be used to unlock a voice activated door lock.
From the Register article about the database breach:
So with just the database the attacker cracks the weak passwords, logs into the Cloudpets app on their own device, and communicates with the toy.
Far too many. This is yet another area of tech driven by naivety and marketing where even the idea that the components might be misused has failed to occur to anyone.
It’s not just deliberate and malicious intent by marketing types we need fear, but this kind of blindness, in that opening deep doors in our physical and behavioral defenses something other than marketing slogans and “benefits” might wander in. It’s bad enough when it’s just malware in a computer. It’s far worse when individual security and safety are at risk… not to mention truly black uses of manipulation.
Worked with too many programmers who were blind to such unlocked doors… “it’s just a game” or “no one’s going to hack a thermostat, fer God’s sake.”
I just wanted to add that years ago before the web the thing was baby monitors. Those household small radio intercoms that back then it wasnt uncommon for people to be able to listen in on other peoples communications by having the same unit.
But these are even scarier.
FWIW, the intent of Amateur Barbarian’s post was absolutely clear to me (though perhaps opposite to what you thought). IMHO, he made his point in a concise, though acerbic, way.
If he had enclosed a smiley-face icon, e.g. :rolleyes: , his facetious intent would have been even more clear. Would his post have been acceptable then?
Sarcasm? It’s a cheaply made Internet of Things toy. Of course it’s hackable. That’s how every DDOS now works. These things are not secure.
I got my parents (among other things) a key finder for Christmas. I specifically avoided the ones that work via connecting online, specifically because IoT things are just bad.
Oh, and this is Black Mirror shit, if anything. It’s beyond the stuff the Twilight Zone people thought of, IMO.
And, if this is not old news, it’s not the first time this has come up. I hear about these devices that phone home with info being hackable all the time.
It’s entirely plausible that the toys “phone home” every so often to exchange messages with the server. If so, the server connection would be “pull” from inside your home network, not “push” from the server through your firewall into your home network.
It’s still the case that if the device can reach out to the server then bad guys can, at least in principle, place malicious content on the server to be collected and acted on when the device next connects. And if the device is secured poorly enough, it just became a bot.
As I said earlier in this thread, take all discussion about it to ATMB.
Sarcasm.