Skip to main content
  1. Home
  2. Smart Home
  3. Smart Home News

Teddy talk: Fisher-Price’s smart stuffed animals found to have security flaws

By

Just in time for Christmas last year, a security firm found that Hello Barbie, Mattel’s Wi-Fi-enabled doll with a sweet silver jacket and speech recognition, was vulnerable to hacking. Now Fisher-Price, which is owned by Mattel, has its own toy troubles. Its “Smart Toys” (Internet-connected stuffed animals), have a similar vulnerability, according to security researchers at Rapid7.

The “interactive learning friend,” aimed at kids aged 3-8, listens to and talks back to the child, tells stories and jokes, and knows the weather and news headlines. Whereas a beloved stuffed rabbit could only make a child vulnerable by becoming contaminated with scarlet fever germs, adding Wi-Fi could expose their identities. “It was determined that many of the platform’s web service (API) calls were not appropriately verifying the ‘sender’ of messages, allowing for a would-be attacker to send requests that shouldn’t be authorized under ideal operating conditions,” reports Rapid7. This means an attacker could have gotten the toy’s details (including its toy ID, name, type), accessed the child’s profile (which has data such as name, birthday, gender, and language), changed account details, and seen other information, such as game scores and customer purchases.

Recommended Videos

“While in the particular, names and birthdays are nominally non-secret pieces of data, these could be combined later with a more complete profile of the child in order to facilitate any number of social engineering or other malicious campaigns against either the child or the child’s caregivers,” Raipd7’s Mark Stanislav wrote in a post about the smart toys’ vulnerabilities.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

After Rapid7 contacted Fisher-Price about the issues, the company addressed the problem. Smart watch hereO, meant to help families keep track of each other, also had a vulnerability, researchers found. The GPS platform had an authorization flaw since it was patched; one that could have allowed attackers to send an accept an authorization request. That authorization grants access to family members’ locations and location histories.

It’s a tough time to be a connected kid. Last week, the New York City Department of Consumer Affairs launched an investigation of connected baby monitors, thanks to a Rapid7 report raising security issues. 

Jenny McGrath
Jenny McGrath
Former Senior Writer, Home
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
Topics
Tineco carpet cleaner at lowest-ever price for Prime Day — here’s how to save more
A man using the Tineco Carpet One Cruiser Smart Carpet Cleaner.

Not all vacuum deals will be able to provide in-depth cleaning for your carpet. You're going to need something more specialized, and we highly recommend the Tineco Carpet One Cruiser. From its original price of $699, it's available from Amazon's Prime Day for its lowest-ever price of $489, but you can get an additional 5% off with the checkout code TIN25PDPR. That means you'll only have to pay $465 for this smart carpet cleaner, for total savings of $234, but you'll need to act fast as we're not sure if the stocks that are up for sale will last until the final minutes of the shopping holiday.

BUY NOW

Read more
Tineco vacuum nearly $300 off for Prime Day — use this code for extra savings
The Tineco Floor One Stretch S6 cordless vacuum cleaner cleaning a spill.

In one of the most attractive vacuum deals that you can shop for Prime Day, Amazon has slashed the Tineco Floor One Stretch S6 to its lowest-ever price of $319 from its sticker price of $599. However, we've got a code for you to be able to get the cordless wet-dry vacuum cleaner with an extra 5% off — just enter TIN25PDPR during the checkout process so that you'll only have to pay $303, for total savings of $296. That's an excellent offer that you wouldn't want to miss, and you better hurry if you want to take advantage of it as it may not remain available until the end of the shopping holiday.

$303 at Amazon

Read more
Tineco’s docking vacuum has a special Prime Day price, but you can get it cheaper
A Tineco Pure One next to its charging base.

Vacuums feel like they're getting more and more expensive, and not just robot vacuum and mop combos, but ordinary hand vacs. You can go to Walmart and see bagged, corded vacuums that cost hundreds of dollars. It doesn't have to be that way. Tineco's Pure One vacuum brings power and convenience for the same price that other vacuums have, but with new features instead of going backwards into the world of cords and bags. Usually $459, it is down to $319 for Prime Day (that's a savings of $140 already) and we're happy to report you can get an extra 5% off with the code TIN25PDPR on Amazon. Tap the button below to see the vacuum yourself and snag this great deal, or keep reading for what makes this vacuum truly unique.

BUY NOW

Read more