Cybersecurity researchers at PenTest Partners have uncovered a severe privacy bug in a Fisher Price Chatter Bluetooth phone that allows spying on users.
Fisher-Price is a popular kids’ toys brand owned by the Barbie-giant Mattel Inc., but the 2021 version was designed for adults that connects to a smartphone and can be used as a speaker phone or to make calls.
The phone is the Fisher Price Chatter Special Edition called “60G LTE” – which stands for “60 great years, Let’s Talk Everywhere” and an infomercial for the handset opens with “The past has finally arrived” before mocking mobile phone ads quite nicely.
The device uses Bluetooth Classic failing in implementing a secure pairing process, which means it connects with any pairing request device, and the attacker can listen to whatever is said within range of the Chatter’s microphone. Experts also discovered that if the phone handset is left off, it will auto-answer any call to a connected smartphone.
“When powered on, it just connects to any Bluetooth device in range that requests to pair,” researchers explained in a blog post. “Some nearby (next door house, next apartment, street outside) can connect their own Bluetooth audio device (smartphone/laptop, etc.) and use it to bug their neighbors.”
PenTest Partners reported the vulnerabilities to Mattel to explain why Chatter’s security is so fragile and recommended the firm improve the pairing process or turn it off as the easiest mitigation. The company replied that the device was an adult toy and not for use by children.
“During initial exchanges, Mattel indicated that it was an adult toy and not for use by children. We find it hard to believe that children will not be given a phone to play with after the novelty wears off with the adult! Further, some of the audio bugging issues do not require the interaction of a child or adult,” concludes the post.
The researchers have suggested that adults thoroughly examine the phone to mitigate the threats. It includes checking the phone’s Bluetooth paired devices to find any unknown connections besides ensuring the handset of the toy phone remains in place and powering off the phone when not explicitly in use.