Hardcoded Keys in Elemental Path's CogniToys Dino Smart Toys Enable VoIP Traffic Decryption

Hardcoded Keys in Elemental Path's CogniToys Dino Smart Toys Enable VoIP Traffic Decryption

CVE-2017-8866 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.

Learn more about our Cis Benchmark Audit For Server Software.