Fisher-Price - TechCrunch phone has a Bluetooth but a bug

Fisher Price TechCrunch phone has a Bluetooth but a bug

As nostalgia progresses, the Fisher-Price Chatter phone will not disappoint. The classic retro kids toy has been given a modern update for the holiday season with the new release for adults who, unlike the original toy designed for children, are able to make and receive calls on Bluetooth using a smartphone nearby.

The Chatter - despite a working rotating dial and its marked commercial eyes that go up and down when the wheels turn - is a smaller phone and more like a modern Bluetooth speaker with a microphone , which activates when the handset is lifted.

The Chatter did not spend long on the sale; the phone sold quickly while the waiting lists came up. But security researchers in the UK saw an immediate potential problem. With just the online guidebook to go, the researchers feared that a design flaw could allow someone to use the Chatter to hear the ear.

Ken Munro, founder of cybersecurity company Pen Test Partners, told TechCrunch that the leader among concerns is that the Chatter does not have a secure pairing process to stop unauthorized Bluetooth-enabled phones from connecting ris.

Munro described a series of experiments that would confirm or alleviate his concerns. Since the Chatter is only available in the US and has been regularly sold out, TechCrunch set up a monitor page to tell us when it was back in stock, bought one, and started testing.

We first introduced the Chatter phone, which activates its Bluetooth connection, repairs a phone over Bluetooth, then turned off Bluetooth to simulate someone walking the phone out of range . We then merged another phone with the Chatter unhindered, allowing us to control the Chatter's audio.

Mattel, which makes the Chatter phone, said the phone will "expire if it does not connect or once the pairing takes place - it can only be found inside a narrow window time and requires physical access to the device. ”We left the Chatter on and found that the Bluetooth pairing process did not take time after more than an hour.

READ  Chip maker AI Kneron raises $ 25M for autonomous drive push - TechCrunch

Munro then asked what would happen if we said the phone connected to the Chatter. The Chatter certainly shouted - loudly - as expected. Then we named the Chatter again, this time without replacing its receiver properly. With the handset off the hook, the Chatter automatically answered the call, activating the handset's microphone instantly and allowing us to hear environmental background audio.

Several years ago, Pen Test Partners discovered a Bluetooth-like vulnerability in a children's toy doll called My Friend Cayla, which researchers found could be packaged with someone else's phone if a phone is dropped. out-of-range parent. The toy was finally dragged off the shelves after it was discovered that the doll, when attached to his app, was recording what children were saying.

The Chatter does not have an app, and Mattel said the Chatter phone was released as “a limited advertising item and a fun twist on a classic adult toy. But Munro said he was concerned that a nearby neighbor or a determined attacker could take advantage of a lack of secure pairing, or that the Chatter could be passed on to children, who could then inciting a beast unknowingly.

“Children don't have to interact with it to be an audio finger. Just leaving the mobile phone is enough, ”said Munro.

When it comes to the decisions, Mattel spokesman Kelly Powers said the company is "committed to security and we will look into those claims."

Read more:

Related Posts

Deja una respuesta

Tu dirección de correo electrónico no será publicada.

Subir

We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information