| Report |
"Fisher-Price's Smart Toy, a Wi-Fi-enabled stuffed animal, was vulnerable to a remote flaw. An attacker could trick the web service (API) to send requests that shouldn't be authorized. From there, an attacker could allow easily find all customers -- whose accounts were associated with a unique sequential integer -- and associated children's profiles, and have wide access to create, edit, or delete children's profiles on a customer's account." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/
|