Researchers have uncovered several security weaknesses in Fisher-Price’s new Smart Toy.
Fisher-Price, a division of Mattel, has collaborated with a tech company to make Smart Toy, a teddy bear that can learn and remember your child’s name, favorite colors and foods, and “adapts” to your child’s “developmental progress.” Smart Toy comes with an accompanying app that parents can use to send commands to Smart Toy or monitor their child’s behavior and progress.
Testers found weak spots
While Fisher-Price’s website claims that “no personally identifiable data is transmitted by Smart Toy,” researchers at Boston-based security company Rapid7 nonetheless found several failings in the way that the app communicates data to the server that would make Smart Toy vulnerable to hacking.
Although there have been no instances of hacking reported so far, Rapid7’s research shows that hackers could theoretically tap into the Smart Toy app, accessing a child’s name, birthdate, gender, and other data.
According to Rapid7, Fisher-Price has since corrected the issue. The toy manufacturer said, in a statement, “We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.”
Choose collaborators wisely
Rapid7 says that part of the problem is collaborating with less experienced tech companies.
Said research manager Tod Beardsley, “This is an easy mistake. You wouldn’t find these bugs today from places like Google, Microsoft.”
Despite the many benefits of the Internet of Things, cases like Smart Toy demonstrate how increasing connectivity leaves us – and apparently, our children — vulnerable to hacking. Rapid7 has also found security flaws in other smart products marketed towards parents and children, such as a smart baby monitor.
Mattel is hoping to nip the problem in the bud with its smart Barbie. They’ve hired researchers to find weaknesses in Barbie’s security system – before hackers do.