A hilarious video of an animatronic toucan firing off profanities is just the latest example of the growing concerns about Bluetooth-connected children’s toys.
Security researchers at Pen Test Partners have demonstrated how the Teksta Toucan manufactured by toy-maker Genesis can easily be taken over by hackers to play audio and even snoop on your home.
The team highlights two methods that could be used to carry out an attack – and, one simply requires pairing it with a Bluetooth audio device.
The Teksta Toucan is designed to interact with kids; it can crack jokes, do impressions, and answer questions. But, a hilarious video of the toucan firing off a tirade of profanities is just the latest example of the growing concerns about Bluetooth-connected children’s toys
Genesis has come under fire numerous times in the recent past for toys that could potentially ‘spy’ on children and their families.
In February, Germany banned sales and ownership of the firm’s My Friend Cayla doll, citing the hacking risk.
The latest video, while comical, builds on these concerns.
The Teksta Toucan is designed to interact with kids; it can crack jokes, do impressions, and answer questions.
In the researchers’ demonstration, however, it’s anything but child friendly.
The hilarious footage shows the robotic bird squawking the words ‘tw*t’ and ‘w*****’, in ‘homage’ to the foul-mouthed parrot from the comedy show, Unlucky Alf.
The researchers say they’re now in the process of reporting the vulnerability to Genesis.
The Pen Test team tried out two different methods to gain access to the Teksta Toucan.
In the ‘easy one,’ they simply paired it to a Bluetooth audio device – such as a laptop or smartphone.
Then, they streamed the audio through.
WARNING: VIDEO CONTAINS OFFENSIVE LANGUAGE
Security researchers at Pen Test Partners have demonstrated how the Teksta Toucan manufactured by toy-maker Genesis can easily be taken over by hackers to play audio and even snoop on your home. In the video, it can be heard saying profanities
The researchers say this will also give hackers access to the microphone, which they note is ‘of more concern’ than the audio attack.
‘Yes, just like Cayla, a 3rd party can snoop on your kids and your house,’ the researchers warned in the blog post.
In the second, more ‘complicated’ method, they extracted the toy’s Android package to swap out the mp3 audio files.
By doing this, a potential hacker could ‘simply change the mp3 to a sweary one of your choice.’
The researchers say they’re now in the process of reporting the vulnerability to Genesis, who makes the Teksta Toucan
The researchers have issued another stark warning about smart kids toys, urging parents to get rid of any they may have in the house.
And, they’re calling on regulators and manufacturers to take the steps to prevent these vulnerabilities in the first place.
‘Parents: don’t buy these toys,’ the researchers wrote.
‘If you have one already, I suggest returning it to the retailer. If you want to keep it, only allow the toy to be used under close parental supervision and ensure it is switched off when not in use.
‘Regulators: please ban smart kids toys that allow trivial snooping on our kids!
‘Manufacturers: if you take even the most basic steps towards securing smart toys, this sort of attack won’t happen.’