That Toy You Got for Christmas Could Be Spying on You

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

Many adults found it charming when Mattel upgraded its classic Fisher-Price Chatter telephone for its 60th anniversary in October with actual Bluetooth capabilities, so grownups, too, can use it — and for actual mobile phone calls.

But flaws in the way the toy pairs with Bluetooth means that other people with nefarious intentions can potentially be listening in on private conversations, researchers have found.

A team at Pen Test Partners revealed earlier this month that the implementation of Bluetooth used in the device has no secure pairing process, allowing for audio bugging by anyone nearby when someone is using Chatter to talk on the phone, they said.

“When powered on, it just connects to any Bluetooth device in range that requests to pair,” allowing for “audio bugging of both children and adults” in some cases, researchers wrote.

The idea is that someone nearby — i.e., a neighbor living in a nearby house or apartment, or even someone on the street outside — could connect his or her own Bluetooth audio device

Read More: https://threatpost.com/toy-christmas-spying/177288/