Creepy Bear Toy Creepier Than You Could Even Imagine

Creepy Bear Toy Creepier Than You Could Even Imagine

A new internet-connected stuffed bear capable of learning a kid’s name shipped with some scary security flaws. Researchers found holes that could let creeps steal children’s personal info.

Mattel and the researchers say the flaws on its Fisher-Price “Smart Toy” were fixed before anything bad happened, but this incident underlines how vulnerable internet-connected toys are to data breaches. Boston-based security firm Rapid7 pointed out that inexperience can leave companies vulnerable to security holes, according to The Guardian:

The flaws in the Fisher-Price case had to do with how the app, meant for parents, communicates with servers running the system. They’re the kind of flaws a more experienced internet company probably wouldn’t have missed, Rapid7 said.

“This is an easy mistake,” said Tod Beardsley, Rapid7’s security research manager. “You wouldn’t find these bugs today from places like Google, Microsoft.”

Nearly 6.4 million children were affected by a horrific data breach at children’s connected-toy company Vtech. This time, Rapid7 helped Mattel fix its security flaw before anybody exploited it, but the presence of flaws that could put children in danger in toys meant to keep them comforted is, well, not very comforting. But as The Guardian points, hackers are just dying to find a flaw in Mattel’s controversial Hello Barbie toy. So this doesn’t bode well for Mattel’s cybersecurity.

Also the bear looks like it has seen some shit.

Creepy Bear Toy Creepier Than You Could Even Imagine

[The Guardian]


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.