You’d think that toymakers would have learned their lesson from movies like “Chucky.” The more bells and whistles you give to a doll, the more likely it is to be used for evil. Thus, Fisher-Price’s Smart Toy® Bear.
Yep, it’s got the cold, dead eyes and oversized head of 4chan’s favorite mascot, Pedobear. But that’s not all it’s got – under the fur, computerized guts will allow it to do things like learn your child’s name, figure out their favorite activities, and have adventures. Inevitably, it is both app-controlled and Wi-Fi connected.
Also inevitable: Fisher-Price, a division of Mattel, is making its first foray into the world of smart, app-connected toys. As such, they made a rookie mistake that would have allowed hackers to grab the child’s name, date of birth, and gender by exploiting the connection between the mobile app and the bear itself.
Fortunately for any kids unlucky enough to own this thing already, Boston-based security firm Rapid7 identified the bug and worked with Mattel to patch the stuffed bear before anything leaked into the wild. However, the fact that this happened in the first place raises a number of troubling questions.
First of all: Mattel had revenue of $5.7 billion last year. They couldn’t spare the $50K it would have cost to have this toy pen-tested before it hit the market? Of course they couldn’t, because capitalism. Specifically, spending $50K on a security audit of the toy would equate to waiting an extra month before the toy hit shelves, during which time one of their competitors could steal a march on them. Time is everything in software development, and especially in app development, and software testing is usually the first casualty of crunch time.
Here’s the other big question: Between this incident, VTech’s crap-tablets, and Mattel’s hackable Barbie, there have been three high-profile “compromised toy” stories since November. Toys like the Smart Bear are going to flood the market this year, and many of them are going to be produced under the same rushed conditions. By this time in 2017, how many more hackable toys are we going to see?