
Don't Feed Them After Midnight: Reverse-Engineering the Furby Connect - pdjstone
https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect
======
AdamJacobMuller
Site is down for me. archive.org works:
[http://web.archive.org/web/20171124170013/https://www.contex...](http://web.archive.org/web/20171124170013/https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect)

------
cjsuk
All it takes is a single goatse to appear on one child's furby's eyes or on a
demo unit in a shop and the brand is ruined. I think they need to reconsider
that response.

~~~
_wmd
Perhaps you're unaware that an earlier edition of this product had a bug that
made the device randomly speak with a terrifying satanic voice. My niece
experienced it firsthand.

~~~
DKnoll
I had one when I was a kid. Hilariously it did the satanic voice after I threw
it against a wall. Didn't do that again.

------
beilabs
This could be the perfect thing to announce a failing code build.....begone
old traffic light systems, Jenkins + Furby could be a thing of beauty.

------
rfrey
Company response is "Yeah, that's way too hard, nobody can do that".

------
dmitrygr
Company response is so typical, it hurts to read.

~~~
Nullabillity
Why? As long as it doesn't have a microphone/camera then this sounds like a
positive.

~~~
bpicolo
And they don't collect any sort of personal data. Hasbro did a pretty solid
job here minimizing risk surface area.

~~~
dmitrygr
Bluetooth LE range is easily magnified with a cantenna. The device will play
audio sent to it over an unencrypted unauthenticated link to your kids. Also
it will show videos sent over the same link (but they must be small because
eyes are small)

Both of these are problems for some parents.

------
libeclipse
Why don't they just enable basic Bluetooth security features instead of saying
that it's too hard to exploit and leaving it at that?

Excellent write-up though.

~~~
bonzini
Are those features included in BLE? AFAIK it's a completely separate protocol
than regular Bluetooth.

~~~
tokenizerrr
BLE supports pairing and bonding. It is optional, by default every connection
is unencrypted and unauthenticated.

~~~
pbhjpbhj
Pairing is a big pain point though AIUI, releasing this toy with the need to
pair it first would probably have cost them significant numbers of returns.
Not saying it's justified, but ...

Perhaps they could give away an optional tin-foil suit for furbies of owners
who have security concerns!

~~~
tokenizerrr
Oh yeah, totally. BLE support on both Android and iOS is lacking. Older
versions of Android, and I believe all versions of iOS (please correct me if
I'm wrong) do not offer a programmatic way of supplying the PIN for pairing.
This means that when you programmatically connect to a BLE device from an app,
the user will get a PIN prompt. This prompt covers most of the screen so it
really is a pain.

Though for the Furby it shouldn't be too bad. Just display the PIN on one of
its eyes.

------
jstanley
The company response stated:

> A tremendous amount of engineering would be required to reverse engineer the
> product as well as to create new firmware.

Which implies they failed to understand what they were being told. The
engineering required to do this exploit has already been done, so it doesn't
matter how hard it is. Once it's been done, it's been done.

------
SweetBuddha
I believe they ought to reevaluate that reaction.

------
strictnein
But it's always after midnight

------
barry0079
"while the FURBY CONNECT toy is in a "woke" state" I couldn't help but chuckle
at this.

~~~
libeclipse
woke asf

