Security researchers at Pen Test Partners have discovered an audio bug that turns the modern Bluetooth version of the classic Fisher-Price Chatter telephone into a spying tool. Unlike the classic kids’ version of the Chatter phone, this device features more grown-up functionality, letting users receive calls over Bluetooth using a nearby smartphone.
According to a blog post, the privacy issue stems from the insecure pairing process, which allows unauthorized smartphones within range to pair with the device.
Their tests revealed multiple concerns regarding the pairing process and potential exploitation of the audio bug.
In the first test, researchers used the Fisher-Price Chatter Bluetooth Telephone alongside two separate smartphones. They noticed that the first phone did not require any security steps, such as a PIN, to successfully pair with the Chatter Bluetooth telephone.
During the test, researchers turned Bluetooth off on the first phone to see whether a potential “rogue telephone” in range could also connect to the device. This test simulated a user leaving home without turning off the Chatter telephone. It appears that the second telephone did manage to pair with the device. However, no audio was received “until the Chatter phone handset is picked up, or is already off.”
Researchers recommend supervising children when using the phone and powering it off when not in use. “The audio functions of the Chatter telephone will only allow bugging if the handset is picked up or knocked off, or the speakerphone button is pressed,” the researchers warned. “Adults should ensure that the handset is always replaced and the phone is turned off.”
“Normally, only one Bluetooth phone can connect to the Chatter telephone at a time,” the researchers added. “If a legitimate phone is connected, it is usually not possible to connect a rogue phone. Hence, do not leave the Chatter telephone powered on if you leave your home with the smartphone that is connected to the Chatter telephone.”