Teddy talk: Fisher-Price’s smart stuffed animals found to have security flaws

fisher price smart toys found to have security vulnerabilities
Just in time for Christmas last year, a security firm found that Hello Barbie, Mattel’s Wi-Fi-enabled doll with a sweet silver jacket and speech recognition, was vulnerable to hacking. Now Fisher-Price, which is owned by Mattel, has its own toy troubles. Its “Smart Toys” (Internet-connected stuffed animals), have a similar vulnerability, according to security researchers at Rapid7.

The “interactive learning friend,” aimed at kids aged 3-8, listens to and talks back to the child, tells stories and jokes, and knows the weather and news headlines. Whereas a beloved stuffed rabbit could only make a child vulnerable by becoming contaminated with scarlet fever germs, adding Wi-Fi could expose their identities. “It was determined that many of the platform’s web service (API) calls were not appropriately verifying the ‘sender’ of messages, allowing for a would-be attacker to send requests that shouldn’t be authorized under ideal operating conditions,” reports Rapid7. This means an attacker could have gotten the toy’s details (including its toy ID, name, type), accessed the child’s profile (which has data such as name, birthday, gender, and language), changed account details, and seen other information, such as game scores and customer purchases.

“While in the particular, names and birthdays are nominally non-secret pieces of data, these could be combined later with a more complete profile of the child in order to facilitate any number of social engineering or other malicious campaigns against either the child or the child’s caregivers,” Raipd7’s Mark Stanislav wrote in a post about the smart toys’ vulnerabilities.

After Rapid7 contacted Fisher-Price about the issues, the company addressed the problem. Smart watch hereO, meant to help families keep track of each other, also had a vulnerability, researchers found. The GPS platform had an authorization flaw since it was patched; one that could have allowed attackers to send an accept an authorization request. That authorization grants access to family members’ locations and location histories.

It’s a tough time to be a connected kid. Last week, the New York City Department of Consumer Affairs launched an investigation of connected baby monitors, thanks to a Rapid7 report raising security issues. 


Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Emerging Tech

Students who designed transforming smart home will compete in Solar Decathalon

Modular smart homes are all the rage, and now some students from Virginia Tech are putting their money on their FutureHAUS, a modular, solar-powered, transforming smart home they're taking to the Solar Decathlon in Dubai.

These Black Friday furniture deals offer up to 80 percent off

Retailers across all industries use Black Friday to offer incredible deals on everything from kitchen appliances, to full bedroom sets. As such, it’s the ideal time to upgrade your space with pieces that will make you feel more…
Emerging Tech

Awesome Tech You Can’t Buy Yet: A.I. selfie drones, ‘invisible’ wireless chargers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

These holiday gadgets will make cooking your meal a breeze

Are you dreading the lengthy process of cooking a holiday dinner? Try these holiday gadgets to make the job of cooking much easier. These items will make for an easy, breezy meal.
Smart Home

The best washing machines make laundry day a little less of a chore

It takes a special kind of person to love doing laundry, but the right machine can help make this chore a little easier. Check out our picks for the best washing machines on the market right now.

Clean with a robot vacuum and save $160 on the Ecovacs Deebot, today only

Investing in smart home technology can usually come with a hefty price tag. If you were thinking of getting a robot vacuum, now is your chance. The Ecovacs Deebot N79 is one of our favorite budget-friendly robot vacuums and is currently on…

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Smart Home

Put away that sponge and let us help you pick the best dishwasher for your buck

Tired of doing dishes by hand? Take a look at our picks of the four best dishwashers currently available and let a machine do the dirty work for you. They’ll do a much better job, anyway.
Smart Home

Hello Fresh vs. Blue Apron: Which meal-delivery service is better?

To save time in the kitchen, some busy people order takeout, some look to devices like slow cookers and pressure cookers, and others try home-delivery meal services. These days, you have several meal-delivery services to choose from if you…

Smart speakers used primarily for music and information — and shopping

A survey of Alexa and Google Home users shows most people use their devices for core functions and had issues discovering third-party apps. A significant number of people use their device for shopping.