<< Browse all

Domain Entertainment
Submitter Anonymous
Submitted on 08 Feb 2016
Report "Fisher-Price's Smart Toy, a Wi-Fi-enabled stuffed animal, was vulnerable to a remote flaw. An attacker could trick the web service (API) to send requests that shouldn't be authorized. From there, an attacker could allow easily find all customers -- whose accounts were associated with a unique sequential integer -- and associated children's profiles, and have wide access to create, edit, or delete children's profiles on a customer's account." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/
Impact Unknown
Root cause Unknown
Lesson learned None