Skip to main content

Teddy talk: Fisher-Price’s smart stuffed animals found to have security flaws

fisher price smart toys found to have security vulnerabilities
Image used with permission by copyright holder
Just in time for Christmas last year, a security firm found that Hello Barbie, Mattel’s Wi-Fi-enabled doll with a sweet silver jacket and speech recognition, was vulnerable to hacking. Now Fisher-Price, which is owned by Mattel, has its own toy troubles. Its “Smart Toys” (Internet-connected stuffed animals), have a similar vulnerability, according to security researchers at Rapid7.

The “interactive learning friend,” aimed at kids aged 3-8, listens to and talks back to the child, tells stories and jokes, and knows the weather and news headlines. Whereas a beloved stuffed rabbit could only make a child vulnerable by becoming contaminated with scarlet fever germs, adding Wi-Fi could expose their identities. “It was determined that many of the platform’s web service (API) calls were not appropriately verifying the ‘sender’ of messages, allowing for a would-be attacker to send requests that shouldn’t be authorized under ideal operating conditions,” reports Rapid7. This means an attacker could have gotten the toy’s details (including its toy ID, name, type), accessed the child’s profile (which has data such as name, birthday, gender, and language), changed account details, and seen other information, such as game scores and customer purchases.

Recommended Videos

“While in the particular, names and birthdays are nominally non-secret pieces of data, these could be combined later with a more complete profile of the child in order to facilitate any number of social engineering or other malicious campaigns against either the child or the child’s caregivers,” Raipd7’s Mark Stanislav wrote in a post about the smart toys’ vulnerabilities.

Please enable Javascript to view this content

After Rapid7 contacted Fisher-Price about the issues, the company addressed the problem. Smart watch hereO, meant to help families keep track of each other, also had a vulnerability, researchers found. The GPS platform had an authorization flaw since it was patched; one that could have allowed attackers to send an accept an authorization request. That authorization grants access to family members’ locations and location histories.

It’s a tough time to be a connected kid. Last week, the New York City Department of Consumer Affairs launched an investigation of connected baby monitors, thanks to a Rapid7 report raising security issues. 

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
Cyber Monday savings: Take $350 off this Café Bellissimo espresso maker
Café Bellissimo semi-automatic espresso machine making a cup of coffee.

Welcome to another year of Cyber Monday sales! We’ve been keeping tabs on popular consumer tech markdowns, along with a handful of small appliances that make life easier in the kitchen. And in our perusing, we came across this fantastic offer on a hot beverage brewer: For a limited time, when you purchase the Cáfe Bellissimo Semi-Automatic Espresso Maker at Walmart for Cyber Monday, you’ll only pay $230. At full price, this model sells for $580.

We also recommend checking out our lists of the best espresso machine deals and best coffee maker deals for even more discounts on top appliances!

Read more
HOT HOT HOT Cyber Monday air fryer deals: Cuisinart, Ninja and more up to 48% off

If you're planning to buy an air fryer, now's the perfect time. Why? Cyber Monday is here and there are air fryer deals that are available across all of the popular retailers, featuring the most trustworthy brands. The Cyber Monday deals you see here for air fryers aren't the only ones that you should check out if you want upgrades for your family's meals. We've also got grill deals and coffee maker deals, among others. In any case, we highly recommend completing your transactions as fast as you can, as the bargains right now may no longer be available tomorrow.
Our top pick: Bella Pro 12-in-1 6-Slice Toaster Oven + 33-qt. Air Fryer with French Doors -- $130 $250 48% off

The Bella Pro 12-in-1 6-Slice Toaster Oven + 33-qt. Air Fryer with French Doors does it all, including working as an air fryer with a huge 33-quart capacity. The French doors are easy to open with a single pull, so you can place your ingredients and take out your cooked dishes easily.

Read more
You can still get this PowerSmart snow blower for just $100 for Cyber Monday
The PowerSmart 18-inch Corded Snow Blower.

No one wants to be stuck with a snow-covered driveway this winter, especially when you know you’ll have to throw on boots to shovel it. That’s why we’re glad to have come across this solid Cyber Monday promotion for a PowerSmart snow blower: Right now when you order the PowerSmart 18-inch Corded Snow Blower on Amazon, you’ll only pay $100 for Cyber Monday. At full price, this model sells for $170, making now the best time to stock up on a tool you'll definitely be thanking yourself later for this winter.

Why you should buy the PowerSmart 18-inch Corded Snow Blower
When it comes to snow eradication, the PowerSmart Snow Blower has got you covered. This hand-pushed blower has a 17-inch clearing width and a 30-foot throw distance and can tackle up to six inches of snow. Plowing up to 800 pounds per minute, you’ll be able to tackle snow buildup on driveways, walkways, and around the mailbox with ease! And because you don’t have to worry about battery power, the PowerSmart’s 15-amp motor delivers top plug-in performance at all times.

Read more