Tags

, , , , ,


 

The Guardian by Danny Hadron

Security researchers have found a flaw in the Smart Toy internet-connected teddy bear that used a child’s name, birthday and gender

Fisher-Price smart bear allowed hacking of children's biographical data

Researchers found that the app connected to the Fisher-Price toy had several security flaws that would allow a hacker to steal a child’s name, birth date and gender, along with other data. Photograph: Fisher Price

In September, Mattel’s Fisher-Price brand announced it had partnered with a tech company to make Smart Toy, a stuffed bear that can learn a three-year-old’s name.

Naturally, it’s hackable.

Researchers at Rapid7, a Boston-based security company, found that the app connected to the Fisher-Price toy had several security flaws that would allow a hacker to steal a child’s name, birthdate and gender, along with other data. The toymaker encourages parents to use the app so that the toy can better interact with children.

Fisher-Price has since fixed the issue, Rapid7 said.

In a statement, Fisher Price said: “We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. […]

 

“We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person.” That is, of course, until they find out otherwise or it becomes public knowledge.

“Smart products” leave the consumer vulnerable to spying, phishing, data mining, and fraud. Translation: These items are VERY hackable.