Cybersecurity specialists report the appearance of a new toy with Bluetooth capabilities whose malicious use would allow threat actors to deploy complex espionage tasks against the homes where it is used, affecting both infants and their parents and other relatives.

The device in question is the Chatter Special Edition, which at first glance is just an accessory to add Bluetooth function and a speaker to Fisher Price’s classic toy phone, characterized by having eyes, mouth and wheels, an old favorite in homes around the world.

The launch of this device has been accompanied by an ambitious advertising campaign in which manufacturers enthusiastically announce that this phone is no longer implemented a toy and children will be able to receive phone calls through the speaker and Bluetooth connection.

The 2021 version of the device connects to a smartphone and can be used as a speaker or to make calls. To the surprise of many, the device’s rotating markup does work, unlike its predecessors. This all sounds great, although we must be careful with any technological device, including toys. According to the security firm PenTest Partners, Chatter has severe flaws that could turn it into a spying smartphone.

The researchers mention that Chatter uses a classic Bluetooth protocol without sufficient security measures, which means it accepts any pairing requests. In other words, any actor in the Chatter range could plug in a Bluetooth device and tune in to whatever is said within range of the Chatter’s microphone.

Other interesting findings from PenTest Partner include:

  • A threat actor in a nearby location could use the phone to talk and listen to a child in their home
  • If the phone’s headset is left off, the device automatically answers any calls to a connected smartphone
  • The same attacker can also make Chatter’s phone ring, so a child is likely to respond without adult supervision

The Chatter is already sold out, although fortunately it was only sold in the United States. Another piece of good news is that the toy phone, with no technological capabilities, is available almost globally for less than $20 USD.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Don’t buy this Fisher Price phone for kids; anyone can use its Bluetooth to spy on your family appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

New Log4j attack allows hacking devices that are not exposed to internet via localhost

In recent days it was revealed the detection of a new attack…

17 critical vulnerabilities affect 16,000 F5 BIG-IP security products

A report by F5 Networks points to the detection of a critical…

Vulnerabilities in electric car chargers allow spying on your home’s WiFi network

Cybersecurity specialists reported the detection of two critical vulnerabilities in two models…

Two vulnerabilities in Epic Games Launcher allow DoS attacks

Two vulnerabilities have been confirmed to be detected in Epic Games Launcher,…