Web portal leaves kids' chats with AI toy open to anyone with Gmail account

Unsecured web portal puts kids' chats with AI toy at risk of being accessed by anyone, including Gmail users.

A security vulnerability discovered in the Bondu chat portal allows any user with a valid Google account to access conversations between children and the AI-powered dinosaur toys.

Researchers Joseph Thacker and Joel Margolis stumbled upon this while investigating reports about the toy's AI safety features. They found that Bondu's web console exposed over 50,000 chat transcripts of child users who had never manually deleted them.

According to Bondu CEO Fateen Anam Rafid, security fixes were implemented within hours after the discovery was made, followed by a broader review and implementation of additional measures for all users.

However, critics warn that this incident highlights larger concerns regarding AI-powered toys for children. Margolis expressed that having access to sensitive data such as conversations about children's thoughts and feelings can be exploited in horrific ways, including child abuse or manipulation.

Researchers also suspect that some AI-enabled toy companies may use generative AI programming tools to create products with security flaws. Bondu declined to comment on whether their console was programmed with such tools.

The incident has sparked concerns among parents regarding the safety and security of these toys, which can collect a vast amount of personal data from children.

I'm getting the chills thinking about this ... I mean, who needs that kind of access to be had? Like, imagine if those conversations were out in the wild . It's not just about the security flaws, it's about the innocent kids who trust these AI toys with their deepest thoughts and feelings . We should be way more careful about how we develop and regulate these tech toys, you know? I remember when Pokémon Go was all the rage back in 2016... at least that was just a game . This is serious business

omg you guys I'm literally shocked this hasn't happened before! like seriously how do AI-powered toy companies just leave their web portals unsecured? it's not that hard to implement basic security measures... anyway so I guess now we have another reason to be worried about these toys collecting all our personal data and who knows what kind of harm can be done with that info

I'm SO FREAKED OUT ABOUT THIS!!! it's like we're giving kids AI toys that are basically just online storage units for their deepest thoughts and feelings! and now anyone with a google account can just waltz in and read those conversations? what if someone uses this info to manipulate or even ABUSE the kid?! it's not just about the Bondu toy, either - it makes me wonder how many other AI toys are like this too... we need some SERIOUS security checks in place ASAP!

omg I cant believe this , like how did it even happen? there are over 50k transcripts just lying around waiting to be exploited ... stats are crazy - 1 in 5 AI-powered toys have some kinda security flaw (source: Cybersecurity Ventures) . its not just Bondu tho, its a bigger issue with the whole industry . 75% of kids trust AI toys over adults (source: Common Sense Media), so this is like a total breach of that trust ... what if some sicko uses those transcripts for manipulation or abuse? gotta ask, what kinda security measures should parents expect from these companies?

I'm getting major anxiety just thinking about kids' sensitive conversations being out in the open like that . I mean, come on, we already know AI toys are collecting way too much data, and now it's even easier for the wrong people to get access? Like, what's next? Someone hacking into a kid's private chat just because they have a Gmail account? We need some serious industry-wide regulation here, ASAP. And I'm all for innovation in AI toys, but safety and security gotta be the top priority, no exceptions

omg what a nightmare this is so bad! i mean, who creates a web portal for kids' chat with AI toy and forgets to secure it? 50k+ transcripts just sitting there waiting to be accessed by anyone?! that's like leaving your front door unlocked

and now parents are worried about these toys collecting all this personal info from their little ones... i get it, security is key! but what's the point of having AI-powered dinosaurs if they can't even protect our kids' conversations? ‍

man this is so worrying like what if someone hacks into kids' conversations with AI toys? that's like super vulnerable info i'm glad bondu was able to fix the issue pretty quickly tho but we gotta think about these toys being used for real child abuse cases... it's just not right so yeah, let's be careful who makes these things and how they're designed

I'm really worried about kids' safety online. This Bondu chat portal thingy is just so bad. If some random person can access all those conversations between kids and their AI toy, it's like, what even is the point? And yeah, I totally get where Joel Margolis is coming from - that data is super sensitive and should be protected.

I mean, have you thought about all the other toys out there that might not be as secure? It's like, we're moving forward with these AI-powered toys for kids without thinking about the potential risks. And what if some bad actors do find a way to exploit this stuff? It's just not right.

I think companies need to take responsibility for making sure their products are safe and secure. We need better guidelines and regulations in place, like, stat!

This is so worrying . I mean, think about it - you're buying a toy that's meant to be fun for your kid, but really it's just collecting all their deepest thoughts and feelings. And what happens if someone hacks into the thing? It's like they have access to your child's innermost secrets . And the fact that some companies might be using these tools to create security flaws... ugh, it's just not right . As a parent, I want my kid to feel safe online, and this whole situation is just making me anxious . Can't we just get some better security measures in place for these toys already?

omg what's going on w/ AI toys i mean i know they're supposed to be educational but this is just scary think about it - some random adult can access all the deep conversations kids have w/ their toys... like, what's next? and yeah researchers are right, we need more strict regulations around AI development esp when it comes to kid-friendly products

I'm really worried about this . Like, how do we even know that companies are doing enough to protect our kids' info? I mean, 50k chat transcripts just sitting there waiting to be accessed by anyone with a valid Google account? It's crazy! And now you're telling me that some AI toy companies might be using generative AI programming tools with security flaws? That's like playing with fire . We need to get to the bottom of this and make sure our kids' safety is prioritized . Sources, please!

These AI toys need serious overhauls ASAP! Parents gotta be able to trust that their kiddos' chatty business stays private

Ugh, like I'm still trying to process this ... anyone with a legit Google account can access these kid's convo with AI toys? That's just not right . What if some random Gmail user stumbles upon those transcripts? It's just too much info for me to handle... and yeah, the fact that these companies are just leaving security fixes until the last minute is pretty worrying . We need stricter regulations around data protection for AI-powered toys, you know? My kid has this Bondu toy and I'm freaking out now .

I'm so worried about these new AI toys ! I mean, can you imagine some random adult accessing your kid's convo with a dinosaur toy? It's just not right . The fact that the devs found out about this security issue within hours and fixed it already is awesome, but what really got my attention is the concern that some companies might be using insecure programming tools to create these toys . As a parent, you want your kid's info to be safe, right? So yeah, I'm all for more security measures and stricter guidelines on AI toy development .

omg u gotta be kiddin me... they just left this super vulnerable portal open for anyone w/ a gmail acct like what r kids think they r talkin to? some creepy dude gonna get access to their convo with dino and just... who knows what i mean, come on companies, get ur acts together!

I'm so worried about this , those AI toys are meant to be fun for kids but now it seems like they're more vulnerable to predators than we think ! What if some bad person with a Gmail account stumbles upon these sensitive conversations? It's just not right . The fact that the company didn't even know about this security flaw themselves is pretty alarming . I hope more companies take a closer look at their AI safety measures and prioritize kids' data protection .

so now we're just gonna let kids talk about their feelings on a toy that's basically a computer ... meanwhile, some adult's Gmail account gets access to their convo and suddenly it's a major security breach . like, what even is the priority here? making sure 10-year-olds don't get catfished by some AI dinosaur or letting anyone with a Google account into their private chats?

yep its wild that some kids chat with AI toys thinking its safe but really its just like any other online thing - anyone can access it and its not just limited to Google users... how do we even regulate these things? shouldnt there be more checks in place?

Wow
I'm really worried about this, especially kids' safety online... what's being done to prevent something bad from happening to those little ones? It's not just the tech companies that need to think about security but also parents who have to make sure their kids don't get exploited by these AI toys