Ken Munro, founder of the cybersecurity company Pen Test Partners,
told TechCrunch that chief among the
concerns are that the Chatter does
not have a secure pairing process to stop unauthorized phones in
Bluetooth range from connecting to it...
First, we switched on the Chatter phone, which
activates its Bluetooth connection, paired a phone over Bluetooth, then
switched off Bluetooth to simulate someone walking the phone out of
range. We then paired another phone with the Chatter without hindrance,
allowing us to remotely control the Chatter’s audio.
Mattel, which
makes the Chatter phone, said the phone “will time out if no connection
is made or once the pairing occurs — it is only discoverable within a
narrow window of time and requires physical access to the device.” We
left the Chatter on and found the Bluetooth pairing process did not time
out after more than an hour.
Then, Munro asked what would happen
if we called the phone connected to the Chatter. Sure enough, the
Chatter rang — loudly — as expected. Then we called the Chatter again,
this time without properly replacing its receiver. With the handset off
the hook, the Chatter automatically answered the call, immediately
activating the handset’s microphone and allowing us to hear ambient
background audio. more
