Re: Pen testing fail?
The firmware file as present on the toy maker's servers is freely accessible and copyable (which is not quite the same as 'public information' though), but given the possibility of a MITM attack, can you be sure that the firmware on the toy is the file you downloaded? Whether that can only result in farty noises every few seconds because it's lacking sensors with which to spy on you is not the point; it being possible is, and now the makers are aware of it.