A new internet-connected stuffed bear capable of learning a kid's name shipped with some scary security flaws. Researchers found holes that could let creeps steal children's personal info. Mattel and the researchers say the flaws on its Fisher-Price "Smart Toy" were fixed before anything bad happened, but this incident underlines how vulnerable internet-connected toys are to data breaches. Boston-based security firm Rapid7 pointed out that inexperience can leave companies vulnerable to security holes, according to The Guardian:
The flaws in the Fisher-Price case had to do with how the app, meant for parents, communicates with servers running the system. They're the kind of flaws a more experienced internet company probably wouldn't have missed, Rapid7 said.
"This is an easy mistake," said Tod Beardsley, Rapid7's security research manager. "You wouldn't find these bugs today from places like Google, Microsoft."
Nearly 6.4 million children were affected by a horrific data breach at children's connected-toy company Vtech. This time, Rapid7 helped Mattel fix its security flaw before anybody exploited it, but the presence of flaws that could put children in danger in toys meant to keep them comforted is, well, not very comforting. But as The Guardian points, hackers are just dying to find a flaw in Mattel's controversial Hello Barbie toy. So this doesn't bode well for Mattel's cybersecurity.
Also the bear looks like it has seen some shit.