Mattel’s Fisher-Price has fixed a software problem in its “smart” teddy bears that could have allowed hackers to spy on children through the bears, the toymaker announced this week.
“We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear,” the company said in a statement. “We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person.”
“Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this,” the company added.
The vulnerability was discovered in December by Boston-based cybersecurity firm Rapid7 after the company’s manager of global services, Mark Stanislav, received the bear at a “diaper party” for his unborn daughter last fall.
The WiFi-enabled bear is an “an interactive learning friend with all the brains of a computer,” according to its product description by Fisher-Price, that “talks, listens, and ‘remembers’ what your child says and even responds when spoken to.”
To make that happen, the “remarkable furry friend” is equipped with an application to help the bears adapt. When Stanislav disassembled his bear, he found that app could be hacked, exposing personal data that includes children’s names, birth dates, genders, and other information that the bears harvest via “unlimited WiFi content updates.”
Fisher-Price said that it resolved the vulnerability in late January. In addition to using the information to stalk families, it could also be used for more common forms of cyberattacks, such as phishing schemes that are based on leveraging personal information.
Related Story: http://www.washingtonexaminer.com/article/2574698
Though the bear is intended to take children “on imaginative adventures,” a statement on Fisher-Price’s website assures that “NO PERSONALLY IDENTIFIABLE DATA is transmitted by [the] Smart Toy,” at least not intentionally.
