
Fisher-Price's Chatter Phone Has a Simple But Problematic Bluetooth Bug (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: As nostalgia goes, the Fisher-Price Chatter phone doesn't disappoint. The classic retro kids' toy was given a modern revamp for the holiday season with the new release for adults which, unlike the original toy designed for kids, can make and receive calls over Bluetooth using a nearby smartphone. The Chatter -- despite a working rotary dial and its trademark wobbly eyes that bob up and down when the wheels turn -- is less a phone and more like a novelty Bluetooth speaker with a microphone, which activates when the handset is lifted. The Chatter didn't spend long on sale; the phone sold out quickly as the waitlists piled up. But security researchers in the U.K. immediately spotted a potential problem. With just the online instruction manual to go on, the researchers feared that a design flaw could allow someone to use the Chatter to eavesdrop.

Ken Munro, founder of the cybersecurity company Pen Test Partners, told TechCrunch that chief among the concerns is that the Chatter does not have a secure pairing process to stop unauthorized phones in Bluetooth range from connecting to it. Munro outlined a series of tests that would confirm or allay his concerns. [...] The Chatter doesn't have an app, and Mattel said the Chatter phone was released as "a limited promotional item and a playful spin on a classic toy for adults." But Munro said he's concerned the Chatter's lack of secure pairing could be exploited by a nearby neighbor or a determined attacker, or that the Chatter could be handed down to kids, who could then unknowingly trigger the bug. "It doesn't need kids to interact with it in order for it to become an audio bug. Just leaving the handset off is enough," said Munro.

  • by Strider- ( 39683 ) on Wednesday December 22, 2021 @10:53PM (#62108215)

    No security bugs, no batteries to charge, and best of all? No robocalls.

    • Nostalgia ain't what it used to be.
    • We had an old (apparently older than the one this bluetooth one is modelled on) Chatter phone in the family while the kids were little, about 20 years ago. Borrowed from friends and from the 60s. Fascinating "chatter" mechanism activated when it was pulled along. Also, no eavesdropping vuln.
  • Did dropping the secure pairing feature allow Fisher-Price to stick to their production schedule and release this Chatter phone in time for the holiday season?

    Just speculating.

    • Adding hassle to the pairing process wouldn't even be worth it. If somebody is in bluetooth range they're in hearing range anyways.
      • Directional bluetooth antennas can get crazy distances compared to "normal" bluetooth.

        In playing around with such we could pair a pc with the directional antenna to a headset easily at 100m distance and listen to the sounds coming from the PC.

  • by Arzaboa ( 2804779 ) on Thursday December 23, 2021 @03:10AM (#62108587)

    I'm wondering if this is really a marketing campaign designed as a "security alert". A "security alert" with "kids" in the title will get waaay more traction than, "Bluetooth rotary phone that acts like a walkie talkie."

    It seems to me that anyone that is worried about their kid possibly hearing some words out of someone's mouth ruining some kid's life, needs therapy. Even if you gave one to every child on the planet, you might have this happen to 1 of these kids. If this actually happened to you, it would be a good teaching opportunity to let your kid know, that not everyone is nice. Slenderman and Smiley are not going to visit you because of this.

    Have these folks complaining about this even heard what young kids are saying, while playing video games, to each other over their very securely paired Bluetooth headphones? If Fisher-Price goes down for this, then Sony and every older brother are ruined.

    --
    When in doubt, make no sense. No sense is good. And nonsense is good. - Genesis P-Orridge

    • "Bluetooth rotary phone that acts like a walkie talkie."

      It's not just the ability to listen in on calls. Insecure pairing means anyone in range can pair it and use it as a microphone at any time, with no local interaction. That's a much higher level of privacy invasion.

  • Step 1: buy Fisher-Price Chatter phone.
    Step 2: let people eavesdrop.
    Step 3: turn them into something... unnatural.
    Step 4: Profit!

  • The Chatter doesn't have an app

    And that's bad?

    There's a device that has a chance to work in 6 months when others are bricked because the app disappears, doesn't support your slightly older Android version, doesn't work with iOS or requires an account and a high-speed internet connection to turn on a light bulb.

    • It *CAN'T* have an app. What would this app do, allow it to pair with the phone more securely? In order to have the app control the chatter, it would have to ALREADY have been paired, or use some other out of band communication (like wifi) that would increase the BOM in the device.
      • Never underestimate the manufacturers' willingness to require a stupid app, credentials, internet access and way too many permissions when none is needed.

  • State Department, etc., must be gutted at the news that this won't be approved for work use, you know, at their very serious top secret spy meetings. There must be some workaround, surely?
    • Work in a Faraday cage where local internet is a secure landline just so you can talk on your chatter phone. Just you watch... the next James Bond will have this scene... I mean honestly they can't fuck up the series any more than they have.

  • I do not think you folks have thought this through. Without an app, how are you going to get notifications of products and services that the manufacturer thinks may be of interest to you?

    That is not something you want to have to figure out on your own, and is best left to professionals.
