Connect with us

Hi, what are you looking for?

NewsTimes.co.uk

TECH

Fisher-Price smart bear allowed hacking of children’s biographical data

In September, Mattel’s Fisher-Price brand announced it had partnered with a tech company to make Smart Toy, a stuffed bear that can learn a three-year-old’s name.

Naturally, it’s hackable.

Researchers at Rapid7, a Boston-based security company, found that the app connected to the Fisher-Price toy had several security flaws that would allow a hacker to steal a child’s name, birthdate and gender, along with other data. The toymaker encourages parents to use the app so that the toy can better interact with children.

Fisher-Price has since fixed the issue, Rapid7 said.

In a statement, Fisher Price said: “We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.”

As far as security flaws go, this one may not be severe. But Rapid7’s findings do reinforce how vulnerable consumers can become as they bring more of their possessions online by making them “smart”. This also applies to toys. Last year, Rapid7 found security flaws in a baby monitor. Mattel also recently announced a smart Barbie that has security researchers on the hunt for bugs.

The flaws in the Fisher-Price case had to do with how the app, meant for parents, communicates with servers running the system. They’re the kind of flaws a more experienced internet company probably wouldn’t have missed, Rapid7 said.

“This is an easy mistake,” said Tod Beardsley, Rapid7’s security research manager. “You wouldn’t find these bugs today from places like Google, Microsoft.”

Advertisement. Scroll to continue reading.

There is no evidence attackers have used the flaws in the wild. However, Beardsley suggested one way they could use the flaw would be to gather information on a target’s family in order to trick them into giving them more information in a phishing attack. A child’s name is also a common password choice, he said.

On its website, Fisher-Price says “NO PERSONALLY IDENTIFIABLE DATA is transmitted by Smart Toy”.

Source: https://www.theguardian.com

You May Also Like

FOOD TIPS

In food, if there is one thing you can say without fear of contradiction, it is this: Britain loves burgers. The UK market is...

UK NEWS

Read more about switzerland women here. Swiss ladies and men are not reknown for being the most chatty, outgoing or spontaneous when meeting strangers...

UK NEWS

Read more about wellhello.com here. What is SnapMingles? The questionnaire is nothing but a way to entice you into joining SPDate.com. At the end...

WORLD NEWS

An exclusive article form Orestis Karipis In the 1930’s and 1940’s acid was the weapon of deceived husbands and wives in the Western world...

Copyright © 2020 NewsTimes.co.uk All Rights Reserved