Internet-Connected Fisher Price Teddy Bear Left Kids’ Identities Exposed

In the age of the Internet of Things, teddy bears and Barbie dolls aren’t just silent inanimate dummies anymore, but can actually listen and talk to children. But these gizmos are sometimes too chatty, and can expose the personal information of their little owners. A bug in the web platform of the Fisher Price Smart Toy Bear potentially allowed hackers to compile a database of all the children using the toy, according to recent research.

The research highlights the dangers of so-called “smart” toys, just a few weeks after privacy and security researchers found multiple flaws that could turn the Internet-connected Hello Barbie doll into a surveillance device. Fisher Price’s Internet-connected teddy bear has a tiny camera on its nose. The camera reads a set of smart cards that will trigger the bear to tell jokes, teach kids curious facts, and other specific learning and playing activities. The bear is also able to respond to the children’s questions, according to Fisher Price. The toy also comes with an app for parents, which allows them to control it remotely. A researcher at security firm found that a flaw in the app’s platform web service or API allowed hackers to easily find out the names, birthdates and gender of the children using the toy.