Toucan play that game: Talking toy bird hacked

Parroting Cayla... if she were a bit more sweary

The same researchers whose hack on the My Friend Cayla doll prompted regulatory action have followed up with a hack on a talking toy robot bird.

Researchers from UK security consultancy Pen Test Partners found that it was child’s play to turn the Teksta Toucan talking toy into a potty-mouth. In homage to The Fast Show, the Toucan was induced to swear like Unlucky Alf’s parrot, as the video (below) illustrates.

“We knew that the Toucan had much in common with My Friend Cayla and iQue, so had a go at the same attacks,” explained Pen Test Partners’ Ken Munro.

El Reg understands that Toucan is manufactured by the same vendor that makes iQue and Cayla, Genesis Industries Ltd of Hong Kong, and we have asked it for comment.

Two hack methods were quickly uncovered. Firstly, the Toucan is a Bluetooth audio device. It has a microphone and speaker, so it’s possible to simply pair it to a Bluetooth audio device (laptop, phone etc) and play some audio through the Toucan.

The Toucan works in a slightly different way from Cayla: its audio files are .mp3 files contained in an OBB. The second (slightly trickier) hack involves extracting the Android package, in the same way as PTP did with the Cayla hack, and simply changing the mp3 to a sweary one of your choice.

The iQue smart robot and Cayla were banned by the German telecommunications regulator a few months back. French regulators acted against Cayla earlier this week.

“Of more concern is that one can use the microphone too. Yes, just like Cayla, a third party can snoop on your kids and your house,” Munro said. “We are in the process of reporting this to the German telecommunications regulator in the hope of another ban being issued.”

Youtube Video

Munro advised parents not to buy the toys and said, if they had one already, they should take it back to the shop.

In a barbed remark to manufacturers, Munro concluded that if vendors took even the most basic steps towards securing smart toys then this sort of attack wouldn’t be possible. ®


Biting the hand that feeds IT © 1998–2022