• The Register, Friday, February 5, 2016 9:05 AM

Researchers with arguably too much time on their hands have discovered security blunders surrounding Fisher-Price Smart Toys and hereO GPS watches for children. Fortunately, the two sets of vulnerabilities, discovered by security researchers at Metasploit biz Rapid7, have been addressed and fixed by both affected vendors. Even so, the failure by the toymakers to discover the flaws during quality control before the products left the drawing board, let alone the factory, once again raises concerns about the security of internet and mobile-enabled gadgets and gizmos. Improper authentication handling by a Wi-Fi-equipped digital stuffed animal from Fisher-Price could have allowed attackers to gain access to basic details about a child – including their name, date of birth, and gender – manipulate account data, and hijack the toy's built-in functionality. Miscreants could connect to the device's backend server on the internet and extract the information required with little resistance.

Read the whole story at The Register »