A smart teddy bear left children’s personal data exposed to hackers, revealing security lagging behind as more and more of our household products are brought online through the rapidly growing Internet of Things.
Vulnerabilities have been discovered in Mattel’s Fisher-Price Smart Toy, a stuffed bear that learns your child’s name, and gps watch Here0 that let cyber crooks steal children’s names, birthdates, and location. Both toys are aimed at children as young as three.
Both firms have solved the issues, that were uncovered by researchers at security company Rapid7, with Fisher-Price announcing in a statement:
"We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorised person," adding:
Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.
The smart bear’s security flaw stemmed from the way the app, intended for parents, communicated with the server. The gps watch, meanwhile, had an authorisation flaw that allowed criminals to access children’s location and location history.
The popularity of smart products means consumers are bringing more and more of their data online through the Internet of Things, leaving us vulnerable to security flaws, as Rapid7 researchers wrote in a blog post:
While many clever and useful ideas are constantly being innovated for market segments that may have never even existed before, putting this agility into consumers' hands must be delicately weighed against the potential risks of the technology's use.