The same researchers whose hack on the My Friend Cayla doll prompted regulatory action have followed up with a hack on a talking toy robot bird.
Researchers from UK security consultancy Pen Test Partners found that it was child’s play to turn the Teksta Toucan talking toy into a potty-mouth. In homage to The Fast Show the Toucan was induced to swear like Unlucky Alf’s parrot, as the video (below) illustrates.
“We knew that the Toucan had much in common with My Friend Cayla and iQue, so had a go at the same attacks,” explained Pen Test Partners’ Ken Munro.
El Reg understands that Toucan is manufactured by the same vendor that makes iQue and Cayla, Genesis Industries Ltd of Hong Kong, and we have asked it for comment.
Two hack methods were quickly uncovered. Firstly, the Toucan is a Bluetooth audio device. It has a microphone and speaker, so it’s possible to simply pair it with another Bluetooth device (laptop, phone etc) and play some audio through the Toucan.
The Toucan works slightly differently from Cayla: its audio files are .mp3s contained in an OBB. The second (slightly trickier) hack involves extracting the Android package in the same way as PTP did with the Cayla hack and simply changing the mp3 to a sweary one of your choice.
The iQue smart robot and Cayla were banned by the German telecommunications regulator a few months back. French regulators acted against Cayla earlier this week.
“Of more concern is that one can use the microphone too. Yes, just like Cayla, a third party can snoop on your kids and your house,” Munro said. “We are in the process of reporting this to the German telecommunications regulator in the hope of another ban being issued.”
Munro advised parents not to buy the toys and said, if they had one already, they should take it back to the shop.

In a barbed remark to manufacturers, Munro concluded that if vendors took even the most basic steps towards securing smart toys, this sort of attack wouldn’t be possible. ®