Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Remember that Fisher-Price toy phone we wrote about a couple of months ago? Well, as it turns out, the phone could be used as a spying device, reports TechCrunch.
Some background first. Fisher-Price made a special, Bluetooth-equipped version of the iconic Chatter phone for its 60th birthday. It connects to your iPhone or Android device and lets you make and receive phone calls.
When Fisher-Price announced it, the phone sold out instantly. At the time of writing this, it’s still unavailable at Best Buy. But fearing privacy concerns, security researchers at Pen Test Partners outlined issues with the little phone.
TechCrunch was able to get their hands on one and, after some internal testing, it turned out that the tip was right. As a result, TechCrunch confirmed the phone could be used as a spying device by remotely tapping into Chatter’s audio.
So how is this possible? It all boils down to the phone not having a secure pairing process, meaning any unauthorized phones in Bluetooth range can connect to it.
Well aware
— Render Man (@ihackedwhat) December 23, 2021
The issue isn’t so much the lack of a PIN to connect, it’s that the device is always discoverable. It’s supposed to only be with a button press for a short time. Firmware hiccup I bet.
Dammit. Now I’m gonna spend the holidays dumping firmware from my chatter phone
Mattel, the company that makes the Chatter phone, told TechCrunch the phone “will time out if no connection is made or once the pairing occurs — it is only discoverable within a narrow window of time and requires physical access to the device.” TechCrunch quickly debunked this in their testing.
In another test, they left the receiver off the hook and called the phone connected to the Chatter phone, and boom, the phone answered the call, “immediately activating the handset’s microphone and allowing us to hear ambient background audio,” TechCrunch writes. Yikes.
READ MORE: Some nutbag rigged a Fisher-Price baby controller to play Elden Ring
Ken Munro, the founder of the cybersecurity company Pen Test Partners, notified TechCrunch of this security flaw and offered this kicker of a quote: “It doesn’t need kids to interact with it in order for it to become an audio bug. Just leaving the handset off is enough,” said Munro.
When pressed for comment, a Mattel spokesperson said the company is “committed to security and we will be investigating these claims.”
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- The best desk toys to stave off your existential dread
- Can you tell if there is spyware on your iPhone? Apple will now let you know
- Amazon’s new robot is basically a spy that doesn’t even work very well
- Update your iPhone and iPad immediately – there’s a new security fix for spyware