[Infowarrior] - Reverse-engineering a connected Furby toy, revealing its disturbing security defects

[Richard Forno]

Reverse-engineering a connected Furby toy, revealing its disturbing security defects

When Context Labs teamed up with UK consumer group Which? to produce an outstanding report on the surveillance, privacy and security risks of kids' "connected toys," it undertook the reverse-engineering of Hasbro's new Furby Connect, a device that works with a mobile app to listen and watch the people around it and interact with them.

Naturally, any internet-connected device has the power to spy on your home network, and once you give that device a camera and microphone, it also has the power to spy on the people in your home, capturing audio and video of them at intimate moments, stealing their secrets and invading their privacy.

So you'd hope that the Furby Connect would have a very robust security model that prevented bad actors from covertly updating the device to turn it into a surveillance tool. Unfortunately, as Context discovered, "the security situation was bad."

From the Bluetooth LE channel used by the device to talk to your phone (encryption turned off!) to the ability to conduct over-the-air firmware updates, to the lack of firmware update authentication, the device is a near-total disaster (though the researchers do say they find the design "frankly adorable").

More disturbing is Hasbro's dismissive response, which boiled down to, "We don't think this is a big deal so we're not going to do anything about it #wontfit."

The Context Labs report on the subsequent reverse-engineering of the protocols, format and firmware for the Furby Connect is an excellent example of the technological detective story, in which engineers have match their intellect against those who came before them and unravel their secrets -- the sort of thing that makes Bunnie Huang's book The Hardware Hacker such an essential read.

< - >

https://boingboing.net/2017/11/26/kill-it-with-fire.html