Page 41 - Cyber Warnings
P. 41
The number of vulnerabilities found in both ToyTalk’s websites and web services, and in such a
short amount of time, indicate that they had little to no pre-production security analysis and are
relying on their bug bounty program to patch up the holes.
However, this could have been easily remedied by hiring a professional security team to audit
the attack surface that is left.
It also seems that the KidSafe Seal Program does not provide strict or clear enough information
security requirements for web related technologies. In the end, it’s a decision for the parents
about the trust they place in ToyTalk.
If ToyTalk’s servers are ever eventually breached, they wouldn’t be the first company to leak
personal information about children to hackers. It’s up to the parents to decide whether they
want to take that risk.
Company Bio can be found on our site at http://www.somersetrecon.com/about/
Our Team
Somerset Recon is a small team of experts who are absolutely obsessed with security. Staff
come from diverse backgrounds including academia, military, big e-commerce, and the
underground hacker world. They've presented at major security conferences and authored
innovative research papers in security and privacy.
Since 2012, we've been building solutions for top-tier corporations and government agencies.
Our customers rely on our expertise and come to us with the really hard problems that few
groups can tackle.
Our team's great strength lies in our ability to figure out the security implications of new,
complex, little-understood technologies. Everyone at Somerset Recon has deep experience
tearing apart devices and systems to understand their dark inner workings.
Location
We're headquartered in beautiful, sunny San Diego, California, which is how we manage to stay
so cheerful in the face of the constant assault of security challenges.
41 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
