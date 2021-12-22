

Fisher-Price's Chatter phone has a simple but problematic Bluetooth bug

Zack Whittaker

As nostalgia goes, the Fisher-Price Chatter phone doesn't disappoint. The classic retro kids' toy was given a modern revamp for the holiday season with the new release for adults, which, unlike the original toy designed for kids, can make and receive calls over Bluetooth using a nearby smartphone.

The Chatter — despite a working rotary dial and its trademark wobbly eyes that bob up and down when the wheels turn — is less a phone and more like a novelty Bluetooth speaker with a microphone, which activates when the handset is lifted.

The Chatter didn't spend long on sale; the phone sold out quickly as the waitlists piled up. But security researchers in the U.K. immediately spotted a potential problem. With just the online instruction manual to go on, the researchers feared that a design flaw could allow someone to use the Chatter to eavesdrop.

Ken Munro, founder of the cybersecurity company Pen Test Partners, told TechCrunch that chief among the concerns is that the Chatter does not have a secure pairing process to stop unauthorized phones in Bluetooth range from connecting to it.

Munro outlined a series of tests that would confirm or allay his concerns. Since the Chatter is only available in the U.S. and was persistently sold out, TechCrunch set a page monitor to tell us when it was back in stock, bought one, and started testing.

First, we switched on the Chatter phone, which activates its Bluetooth connection, paired a phone over Bluetooth, then switched off Bluetooth to simulate someone walking the phone out of range. We then paired another phone with the Chatter without hindrance, allowing us to remotely control the Chatter's audio.

Mattel, which makes the Chatter phone, said the phone "will time out if no connection is made or once the pairing occurs — it is only discoverable within a narrow window of time and requires physical access to the device." We left the Chatter on and found the Bluetooth pairing process did not time out after more than an hour.

Then, Munro asked what would happen if we called the phone connected to the Chatter. Sure enough, the Chatter rang — loudly — as expected. Then we called the Chatter again, this time without properly replacing its receiver. With the handset off the hook, the Chatter automatically answered the call, immediately activating the handset's microphone and allowing us to hear ambient background audio.

Several years ago, Pen Test Partners found a similar Bluetooth vulnerability in a child's toy doll called My Friend Cayla, which the researchers found could be paired with another person's phone if the parent's phone goes out of range. The toy was eventually pulled from shelves after it was found the doll, when connected to its app, was recording what children were saying.

The Chatter doesn't have an app, and Mattel said the Chatter phone was released as "a limited promotional item and a playful spin on a classic toy for adults." But Munro said he's concerned the Chatter's lack of secure pairing could be exploited by a nearby neighbor or a determined attacker, or that the Chatter could be handed down to kids, who could then unknowingly trigger the bug.

"It doesn't need kids to interact with it in order for it to become an audio bug. Just leaving the handset off is enough," said Munro.

When reached about the findings, Mattel spokesperson Kelly Powers said the company is "committed to security and we will be investigating these claims."
