Executive Summary

Summary
Title Fisher-Price Smart Toy platform allows some unauthenticated web API commands
Informations
Name VU#719736 First vendor Publication 2016-02-02
Vendor VU-CERT Last vendor Modification 2016-02-02
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#719736

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016

Overview

The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android.

Description

The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy. The device utilizes network connectivity to provide more interactivity with children.

CWE-287: Improper Authentication - CVE-2015-8269

The Fisher-Price Smart Toy uses a predictable account number which may allow an attacker that has signed up for the Fisher-Price Smart Toy platform to perform some queries and commands on other accounts. Such queries may allow an attacker to learn name, birthday, gender, and other details of the user. An attacker may also edit some personal details, and re-associate the toy to a different account.

According to the researchers at Rapid7, not all data is modifiable or reachable, somewhat mitigating the impact: Furthermore, the researcher notes the Smart Toy is based on Android 4.4 (KitKat). It is currently not clear if the platform is updated with the latest Android security patches.

For more information, please see Rapid7's security advisory.

Mattel, Inc., has provided the following statement:

    "We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.'

Impact

A remote attacker may be able to view or edit private information about the child and/or parent that registers the toy, and may take over ownership of the toy.

Solution

Fisher-Price has made changes to the platform to mitigate this issue. Concerned users should contact Mattel, Inc. / Fisher-Price for more information.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
MattelAffected06 Jan 201601 Feb 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.5AV:N/AC:L/Au:S/C:P/I:P/A:P
Temporal5.9E:POC/RL:U/RC:C
Environmental4.4CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform
  • http://www.fisher-price.com/shop/smart-toys--174%3B/smart-toy-bear-dnv31

Credit

Thanks to Mark Stanislav of Rapid7, Inc., for reporting these issues to us.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-8269
  • Date Public:02 Feb 2016
  • Date First Published:02 Feb 2016
  • Date Last Updated:02 Feb 2016
  • Document Revision:32

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/719736

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2016-02-24 17:28:48
  • Multiple Updates
2016-02-24 00:28:02
  • Multiple Updates
2016-02-23 21:29:30
  • Multiple Updates
2016-02-04 17:28:14
  • Multiple Updates
2016-02-02 21:29:18
  • Multiple Updates
2016-02-02 21:24:03
  • First insertion