posted by Fnord666 on Sunday November 26 2017, @01:28AM
from the don't-get-them-wet dept.

Spotted at Hackernews is a link to this Context Information Security blog post on reverse engineering an IoT-connected Furby toy:
Site may be down. Archive

With Christmas almost upon us and "pester season" in full swing, we thought it high time to have a prod at some of the connected toys that'll inevitably end up nestled beneath trees across the nation in just a few weeks' time.

We've been working in collaboration with Which? to review the Furby Connect from Hasbro, which is currently priced at around £32.00, and comes with a smartphone app that offers to "connect you to a world of surprises."

The idea of Furbies being sold with companion apps is not a new one: the Furby Connect's predecessor, the Furby Boom, also featured an accompanying app; however, communication between it and the Furby was accomplished by means of high-frequency audio. This time around, Hasbro have equipped the Furby Connect with a Bluetooth Low Energy (BLE) connection, allowing it to interface more reliably with its companion app - named "Furby Connect World".

The TL;DR is that security is not great:

This content is distributed in the form of proprietary DLC files, and seemed to contain new songs, dances, and actions for the Furby Connect to perform. If any new content is found, the associated DLC file is downloaded by the app, then pushed to the Furby Connect over its BLE connection.
...
By sniffing the BLE connection during one such DLC update, we immediately discovered that the security situation was bad. Right off the bat, none of the standard Bluetooth LE security features (e.g. authenticated pairing or link encryption) were in use by either the app or the Furby Connect. This meant that anyone within range of the communication could intercept unencrypted packets, inject their own content, or establish their own connection with the toy - all without any physical interaction required on the part of the user or the attacker.

The post then details hacking through the format of DLC files that are uploaded to the toy and generating custom audio and animations. The post contains a link to an example of the hacked toy in action, as well as a response from Hasbro (the manufacturer).

Original HackerNews Thread.


Original Submission

 
  • (Score: 2) by maxwell demon on Sunday November 26 2017, @10:19AM


    Just don't feed them after midnight.

    --
    The Tao of math: The numbers you can count are not the real numbers.