The revamp of this classic Christmas toy has a serious Bluetooth security flaw

Fisher-Price Chatter phone connects to your smartphone via Bluetooth

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Older readers will probably remember the Fisher-Price Chatter phone, a classic toy that almost always sells out during the holiday season. This year, however, buyers might get a little more than what they paid for - if not too much.

As reported byTechCrunch, the newly “smart” edition of the Chatter phone came with a modern twist - the device is essentially aBluetooth speaker, with a built-in microphone (and the essential wobbly eyes).

That way, parents can hook it up to their mobile phones via Bluetooth, and chat away with their young ones for guaranteed hilarity.

But the problem is - there’s no secure pairing process. According toTechCrunch, anyone close enough can quite easily connect to the Chatter phone. As a result, Chatter can end up broadcasting audio from nearby smartphones and pick up on calls pretty much instantly.

Investigating the claims

In a statement, the device’s manufacturer Mattel said the phone, “will time out if no connection is made or once the pairing occurs — it is only discoverable within a narrow window of time and requires physical access to the device.”

However, inTechCrunch’s tests, the connection did not time out even after an hour. Mattel also said it was “committed to security” and that it would be “investigating” the claims.

Ken Munro, founder of the cybersecurity company Pen Test Partners, who also tested the device, said the flaw could be leveraged by malicious actors or neighbors.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“It doesn’t need kids to interact with it in order for it to become an audio bug. Just leaving the handset off is enough,” said Munro.

The first Chatter phone was released some 60 years ago, and while the old (Bluetooth-less) toys cost around $7, the new one will set you back $60. The device is battery-powered and lasts up to nine hours on a single charge, the company claims.

You might want to check out our list of thebest endpoint protection softwareright now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

iStorage Group acquires Kanguru Solutions as it looks to expand security offering

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well