Fisher-Price smart bear allowed hacking of children’s biographical data

In September, Mattel’s Fisher-Price brand announced it had partnered with a tech company to make Smart Toy, a stuffed bear that can learn a three-year-old’s name.

Naturally, it’s hackable.

Researchers at Rapid7, a Boston-based security company, found that the app connected to the Fisher-Price toy had several security flaws that would allow a hacker to steal a child’s name, birthdate and gender, along with other data. The toymaker encourages parents to use the app so that the toy can better interact with children.

Fisher-Price has since fixed the issue, Rapid7 said.

In a statement, Fisher-Price said: “We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.”

As far as security flaws go, this one may not be severe. But Rapid7’s findings do reinforce how vulnerable consumers can become as they bring more of their possessions online by making them “smart”. This also applies to toys. Last year, Rapid7 found security flaws in a baby monitor. Mattel also recently announced a smart Barbie that has security researchers on the hunt for bugs.

The flaws in the Fisher-Price case had to do with how the app, meant for parents, communicates with servers running the system. They’re the kind of flaws a more experienced internet company probably wouldn’t have missed, Rapid7 said.

“This is an easy mistake,” said Tod Beardsley, Rapid7’s security research manager. “You wouldn’t find these bugs today from places like Google, Microsoft.”

There is no evidence attackers have used the flaws in the wild. However, Beardsley suggested one way they could use the flaws would be to gather information on a target’s family in order to trick them into handing over more information in a phishing attack. A child’s name is also a common password choice, he said.

On its website, Fisher-Price says “NO PERSONALLY IDENTIFIABLE DATA is transmitted by Smart Toy”.

