Gremlins (1984) might become a reality—kind of. In the movie a child adopts a pet that resembles a big eyed cross between a small dog and a teddy bear. He is warned to never feed his pet after midnight and never let it touch water. He soon learns that these two vices turn the adorable little animal into a havoc-reeking monstrosity that multiplies exponentially when it comes in contact with water. While this is a story of science fiction and can keep children awake at night, something similar may be possible thanks to flawed application programming interfaces (API’s) in a Fischer-Price teddy bear.
What Are API’s?
API’s are a set of protocols and instructions that programs use to interact with one another without releasing information to the user. For example, when you buy a movie ticket at a theater kiosk and use your credit card, the machine uses an array of API’s to communicate between the movie theater, your credit card company, and yourself seamlessly without you noticing what is really going on behind the scenes. In the case of the Fischer-Price teddy bear, the API’s did not properly verify who sent the instruction messages for the toy; therefore, a hacker could guess user names and have the Fischer-Price database return user data such as names, birth dates, and languages spoken.
Rapid7, an IT analytics and security company, says hackers could go even further than pilfering information from the API’s in the teddy bears. Rapid7 says that hackers could “effectively force the toy to perform actions that the child user didn’t intend, interfering with normal operation of the device.” It would be quite startling to wake up to a ruckus downstairs and find your teddy bear invited a bunch of his teddy bear friends over for a party at 2am. Although this scenario is far fetched, and a child’s teddy bear turning into a real life version of a Gremlin is outlandish, it does beg the question, how secure are we?
Connected Devices Making it Easier for Hackers
The growing trend is for every device we own to be interconnected and seamlessly work together. This includes our computers, smartphones, smart TV’s, toys, and even our cars. You can brew your morning coffee with an app connected to your coffee maker from anywhere and answer your door from work with video and audio using your smart phone.
Taking it one step further, a couple of hackers over the summer demonstrated to a friend that after a few months of modifying code then a couple blocks riding in the backseat of his Jeep, they could take control of the car in entirety using their computers over the internet. This included his windshield wipers, stereo, climate control—even his transmission.
As technology advances so will its applications and IT security will need to match or we could have an army of teddy bears running wild through town. If you could not have guessed by now this blog offers no advice on surviving a teddy bear attack. You are on your own.