It turns out that even the cute toy bear on your child’s bed is prone to hacking. A toy sold by Fisher-Price with the rather generic “Smart Toy Bear” name was recently found to be vulnerable to attacks from would-be hackers. Research firm Rapid7 first noticed the security hole, The Guardian said.
The flaw didn’t put children in danger, and it doesn’t appear that the bear could have done anything creepy like spy on children, but overlooked vulnerabilities inside the code could have made it easy for a family member to fall victim to a phishing attack, The Guardian explained.
Members of the Rapid7 team suggested that Fisher-Price might have wanted to hire more experienced coders in the future, describing the flaw as “an easy mistake” and something that “a more experienced internet company probably wouldn’t have missed.”
Fisher-Price acknowledged the issue and has already applied a fix.
“We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear,” Fisher-Price said. “We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve vulnerabilities likes this.”
Scenarios like these are worth thinking about, though, as smart toys become more and more popular. If it’s built by a toy maker, it’s possible that such a company doesn’t have the necessary staff on hand to make sure everything is locked down.