The cool retro phone with a REAL DIAL… plus plenty of IoT problems

Security

The picture you see above is not only a real Fisher-Price product, released in the second decade of the 21st century…

…but is also officially NOT A TOY!

Sure, it looks like a Chatter Phone toy, with an external appearance that adults of all ages will recognise, perhaps from having had one, played with one, or at least seen one in the toy store all those years ago.

Even when the mobile phone age arrived, the Chatter Phone retained its dial (an actual dial-shaped dial!), its cheese-dish phone styling, and its sideways receiver.

Fascinatingly, “keeping it retro” has been part of telephony ever since the second generation of telephone instruments came out in the century before last.

We carried on referring to the combined mouthpiece-and-loudspeaker component as a “receiver”, and we talked about “replacing the receiver”, long after the receiver ceased to be a separate item that contained just a loudspeaker. (Originally, only the receiver could be lifted up and replaced, because the mouthpiece – the sender – was typically built into the body of the instrument itself.)

And we kept on putting the receiver “back on the hook” to end a call long after phones had either receivers or hooks.

To this day – in fact, in this era of outsourced phone support and faraway call centres, perhaps more so than ever – we “continue to hold” even though Bluetooth headsets mean there is nothing to hold onto any more, and we still “dial” calls, although we now use a “keypad” to do so.

Of course, not only is it no longer a dial, it’s not even a keypad these days: it’s usually a touch screen with no actual keys or buttons at all.

The only thing that didn’t catch on in telephony, and perhaps we can all be thankful for this, is Alexander Graham Bell’s preferred telephonic greeting of “Ahoy!” – though for all we know a future generation of pirate-talking techies might revive this ancient rite.

[I know it’s the day before the day before Christmas, but can we get to the phone bugs already? Ed.]

This is NOT A TOY

Ah, yes.

Back to the Fisher-Price “NOT A TOY” Chatter Telephone with Bluetooth.

They’re not really for children, which is just as well because retro-loving adults seem to have bought them all up. ($60 at Best Buy, out of stock at our closest US store, which turns out to be 4900km away from Oxfordshire, in Bangor, Maine.)

In fact, if you’re a techie and you hadn’t heard of this product before, we suspect you secretly want one now, because [a] childhood memories, [b] ultimate happy/hippie/retro look, [c] the dial actually works, so you can actually dial calls, with an actual dial!

IoT FTW!

But you know where this is going, and you can probably guess who took it there – our chums Pen Test Partners (PTP), just down the road (or not far along the old railway line that’s currently being rebuilt) in Buckinghamshire, the next county over.

PTP wanted one of these phones, just like you do, but their closest Best Buy is also in Maine, so they decided to ask a friend in North America to order one (even he had to wait six weeks!), and conducted their research remotely.

Great circle route to closest US Best Buy from the counties of Oxon and Bucks.

Elegantly simple

The Chatter Telephone with Bluetooth is elegantly simple : the device is basically a bluetooth “headset”, with the added ability to accept numeric input (plus the all-important hash/pound and star symbols) via the rotary dial.

We don’t how how or if you can dial the plus symbol for overseas calls, but many countries let you use a special digit sequence instead.

So, the Chatter Telephone doesn’t take a SIM card itself; instead, it pairs with a regular mobile phone and acts, if you like, as a sort of extension – a happy, smiley, cheerful, brightly coloured, child-like extension phone with an actual rotary dial.

But despite its minimalistic functionality, PTP found that there had nevertheless been plenty of room for Fisher-Price to leave out the sort of cybersecurity features you might have expected.

Notably, PTP found that:

  1. The Chatter Phone has no Bluetooth pairing security. So, anyone in range of an unpaired device could hook it up to their phone instead of yours.
  2. Pairing your own phone with the Chatter Phone doesn’t lock other people out. You’d hope, despite flaw (1), that once you’d paired your device with the Chatter Phone, it would need to be reset before it could be paired again. Apparently, however, simply taking the paired mobile phone out of range – as you typically do every time you leave the house, for example – opens up the Chatter Phone up to everyone else again.
  3. The Chatter Phone can act like an intercom. When off the hook but not on a call, the device will relay audio back and forth to the mobile phone it’s paired with. A child who plays with the device could therefore end up in a creepy conversation with someone outside the household, or a Chatter Phone inadvertently left off-hook in your lounge or home office could turn into a bugging device.
  4. The Chatter Phone will auto-answer calls if left off the hook. In theory, this means that if the Chatter Phone is paired with and currently locked onto your own mobile phone, anyone calling your phone might end up snooping on the room. This could happen more easily than you think, for example if your child didn’t replace the receiver perfectly after making a pretend call.

(Try telling your kids that the Chatter Phone is NOT A TOY, even though it looks exactly like the one that Grandma dug out of the attic that IS A TOY.)

As PTP points out, the pairing-is-just-too-easy problem could be solved simply by adding a “press to pair” button on the phone itself, so that you would need physical access to the Chatter Phone to initiate a connection with it.

That way, the Chatter Phone wouldn’t be able to hookm up unintentionally with a stranger just because its currently paired phone went out of range (or ran out of battery, or had Bluetooth turned off).

And a simple timeout to shut down the Chatter Phone if the receiver remained “open-circuit” when it was neither making nor receiving a call would surely help with the other flaws.

If the Chatter Phone shut off its audio connection automatically when it obviously wasn’t in use, and would only re-activate if the receiver were deliberately placed back on the hook and then lifted up again, you’d probably feel much safer against accidental (or deliberate) audio eavesdropping.

What to do?

If you’ve already bought one of these funky NOT A TOYs, try to remember to turn it off when you aren’t actually using it.

Although that defeats the purpose slightly, we suspect that you won’t want to make or take all your calls on the Chatter Phone (it may not actually be a toy, but it certainly looks like one, and we can’t help but assume that the voice quality makes it sound like one).

So, turning it on only when you want to re-live your childhood…

…seems like a simple precaution, at least until Fisher-Price puts out a firmware update, assuming that there’s a way to update it.


Products You May Like

Articles You May Like

All-New Ransomware Coverage Opens Up the Path to Recovery
S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]
Canadian Sentenced 20 Years in US Prison For Ransomware Attacks
What is Doxxing?
See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online

Leave a Reply

Your email address will not be published.