Smart stuffed animals are growing in popularity thanks to their cuteness and interactive features. But a smart teddy bear was pointed as a security risk.
Now, this is not something that you can read about everyday. A teddy bear that can be hacked and used by hackers for ID theft, surveillance and all other sorts of things. According to cybersecurity company Rapid7 this is entirely possible right now.
The researchers have pointed at the Fisher-Price Smart Toy range of interactive stuffed animals. They are aimed at kids 3-8 years old and feature lots of digital features for entertainment and education. The stuffed animals have several built-in features but for some extra capabilities a Wi-Fi connection is required.
When connecting the teddy bear or other smart stuffed toy from this range, it becomes a target for hackers, Rapid7 researchers say. There is a companion mobile app to receive updates and help parents control the toys. The security experts say that the app doesn’t properly verify the source of the commands and this allows hackers to send requests to the app. This in turn can make the app provide them with its information.
Thus the hackers can possibly find customers who own the toys and find their details. It can find the profiles of children and information about them. Hackers can also create or edit profiles within the system. They can also hijack the smart stuffed animal’s built-in functionality and get access to data.
The good news is that Rapid7 has contacted Fisher-Price about the issue late last year. There are no indications that hackers had known about the issue. The vendor has since claimed it has fixed the vulnerabilities and that the software should be safe. This means that owners of Fisher-Price Smart Toy stuffed animals should update the mobile apps of their toys as soon as possible in order to make sure they are secured.