Star Wars BB-8 Toy Can Be Pwned By The Dark Side

One of the hottest toys out there at the moment is Sphero’s BB-8 Droid from the new Star Wars movie. But you may want to know that there’s a potential security issue that could become a really big problem for users if exploited correctly. Pen Test Partners has published a blog post showing that the toy is open to the influence of the Dark Side Of The Force:

I spent a few minutes poking around the Android app that controls the BB-8. It talks to the droid over Bluetooth. There’s no PIN security in the pairing process, but I haven’t got round to investigating whether there’s anything that can be done there.

Various sources have indicated that around 15% or more of all Android apps in the Play store have issues with unprotected communication over the internet. That certainly correlates with our findings when testing Android apps.

So I spent some time rummaging around and MITM’d the wireless connection.

And here’s what I found. If you force a firmware update, it goes over HTTP. No SSL. Fail!

MITM stands for man-in-the-middle attack, in which an attacker sits between two communicating parties and can read or alter their traffic. In other words, a Sith lord hacker could leverage a connection between the toy and an Android phone to do other evil things. At least in theory. But the question is whether you have to worry or not. Here’s the answer:

What could you do with this?

Frankly, not a lot right now. That’s why I’m talking about it in public before an update has been published. There doesn’t appear to be any personal data on the mobile app or the droid. There are no particularly useful sensors on it either, so it’s not like it could be used for spying on the user.

There would have to be a near perfect storm in order to exploit this usefully: If there was a current vulnerability in the Android (or iOS) Bluetooth stack (we’re not aware of one) and the victim has a BB-8 and they do a firmware update whilst an attacker is in the locale then something could be compromised.

So, here’s the bottom line:

WE LOVE BB-8. Great toy Sphero!

But, Sphero could do a little better and implement SSL for their firmware updates. That this simple bug was missed suggests that security assurance could be more thorough. Maybe they accepted the risk, given it isn’t a show-stopping vulnerability.

Though, they did a great job of acknowledging the bug and have a plan to get it fixed. A cool vendor.

When the update comes out, owners should apply it ASAP. That way you can keep BB-8 from potentially turning to The Dark Side Of The Force.
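To make the fix concrete, here is an added example (not code from Sphero, Pen Test Partners or this blog) of the gate an update client can apply before flashing: every hop of the download must be HTTPS on an expected host, and the image must match the digest from the update manifest. The host name, path, and the assumption that the manifest digest arrives over an authenticated channel are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical value: the page does not name the real update host.
ALLOWED_HOSTS = {"firmware.example.com"}


class UpdateRejected(Exception):
    """Raised when an update must not be flashed."""


def check_hops(hops):
    """Every URL in the download chain (first request plus redirects) must be
    HTTPS on an allowed host; one cleartext hop is enough for a
    man-in-the-middle to swap the image."""
    if not hops:
        raise UpdateRejected("no URL supplied")
    for url in hops:
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            raise UpdateRejected(f"cleartext or unknown scheme: {url}")
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            raise UpdateRejected(f"unexpected host: {url}")


def check_digest(image, expected_sha256):
    """Compare the image's SHA-256 with the manifest digest (assumed to have
    been delivered over an authenticated channel)."""
    actual = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UpdateRejected("image digest does not match manifest")


def accept_update(hops, image, expected_sha256):
    """Return True only if the transport and integrity checks both pass."""
    check_hops(hops)
    check_digest(image, expected_sha256)
    return True


if __name__ == "__main__":
    image = b"constructed firmware image"  # constructed sample data
    digest = hashlib.sha256(image).hexdigest()
    good = ["https://firmware.example.com/bb8/latest.bin"]  # hypothetical path
    downgraded = good + ["http://firmware.example.com/bb8/latest.bin"]
    print(accept_update(good, image, digest))  # True
    for hops, blob in ((downgraded, image), (good, image + b"\x00")):
        try:
            accept_update(hops, blob, digest)
        except UpdateRejected as err:
            print("rejected:", err)
```
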

One Response to “Star Wars BB-8 Toy Can Be Pwned By The Dark Side”

  1. […] kids toys and their relative insecurity for a while now and I will cite these examples why you may not want to give your kids a connected toy as a gift. Now comes the worst example of this that I have […]
