Canada Journal – News of the World Articles and videos to bring you the biggest Canadian news stories from across the country every day
Security firm Rapid7 has uncovered vulnerabilities in a number of childrens’ products, although the company claims they have now been patched.
The vulnerabilities were tied to software that managed how an app used by parents communicated with the servers running the toys, which come in other animals including monkeys and panda bears.
The digital toy pairs with a parent-use app and online accounts to better interact and tailor learning activities for children ages three to eight.
Like the current “worst toy of the year” for 2014, Hello Barbie, the Fisher Price toys adapt to a child over time.
Specifically, the digital line of toys uses a combination of image and voice recognition to identify a child’s voice and to read “smart cards,” that start games and other activities during play. This can all be managed via the parent’s app.
According to Rapid7, the platform’s API calls “were not appropriately verifying the sender of messages, allowing for a would-be attacker to send requests that shouldn’t be authorized under ideal operating conditions.”
Researchers say that while there’s no evidence that the flaw was found by hackers, the ability for an unauthorized person to gain information on a child is concerning.
Rapid7 notified Fisher Price of the issue in December and the problem was fixed.
“We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear,” Fisher Price said in a statement to The Guardian. “We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person.”
Agencies/Canadajournal
