Looking inside ourselves and out at the world
Independent and neutral with regard to all political and religious orientations,® aims to promote awareness of the major democratic principles on which tolerance is based.

Fisher-Price bear could have leaked child's information to hackers

BOSTON — Researchers at a Boston-based security company found security flaws connected to a Fisher-Price toy line that would allow a hacker to steal a child's information. The toy line was created in a collaboration with Smart Toy, a tech company, in September and features three stuffed animals that can learn a child's name, birthday, gender and even language. The stuffed animals can be paired with an app that was advertised as being able to increase child-to-toy interaction. According to a report released on Feb. 2 by security company Rapid7, when the toy is connected to the Internet, it is vulnerable to would-be hackers. "It was determined that many of the platform's web service (API) calls were not appropriately verifying the 'sender' of messages, allowing for a would-be attacker to send requests that shouldn't be authorized under ideal operating conditions," the report said. The report continues, outlining the potential dangers of the unsecured toy including the leak of private information on a child, which could be used to "to facilitate any number of social engineering or other malicious campaigns against either the child or the child's caregivers." The report also notes that hackers could perform further immediate damages stating, "Additionally, because a remote user could hijack the device's functionality and manipulate account data, they could effectively force the toy to perform actions that the child user didn't intend, interfering with normal operation of the device." According to the timeline of the report, Fisher-Price was initially notified in November and CERT was notified in December. The company acknowledged the problem in January and has since resolved the issue. "We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person," Fisher-Price said in a statement. "Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this." ----------------------------------------­­--------------------- Welcome to TomoNews, where we animate the most entertaining news on the internets. Come here for an animated look at viral headlines, US news, celebrity gossip, salacious scandals, dumb criminals and much more! Subscribe now for daily news animations that will knock your socks off. Visit our official website for all the latest, uncensored videos: Check out our Android app: Check out our iOS app: Get top stories delivered to your inbox everyday: Stay connected with us here: Facebook Twitter @tomonewsus Google+ Instagram @tomonewsus

© DailyMotion -

Comment on this article!
To post a comment, we encourage you to become a member of® or log in if you are already a member. You can still post your commentwithout registering, but you will need to fill your personal information each time.

Become a member (free)   |   Log in

Postings are subject to the terms and conditions of®. Before submitting your message , you must read the Terms and conditions of® and agree to them by checking the box below.
Your name:
  I have read and agree to the Terms and conditions of®.
Follow us on ...
Facebook Twitter