Posted by David Harley on September 16, 2015.
Somehow, the Furby, a furry toy vaguely resembling a Mogwai (the cuddly pre-Gremlin version in Joe Dante’s films, rather than the demons of Chinese tradition1) has always invited a certain amount of paranoia, fuelled by (or perhaps fuelling) the interest of the hacking community.
As well as a fairly dumb discussion on the newsgroup alt.comp.virus about its potential as a virus vector, the details of which now escape me, it was the subject of a ban of sorts on airlines. More precisely, the Federal Aviation Authority recommended that ‘Furbys should not be on when the plane is below 10,000 feet’, and many airlines went as far as requiring passengers ‘to remove the batteries from their Furby dolls so that the electronic gizmos don’t interfere with navigational systems during takeoff and landing.’ This was as a result of the device’s being classified in the same group as other electronic devices such as laptops, cellphones, electronic games, and personal music devices.
‘Personal stereos’ at that point probably meant portable cassette and CD players rather than iPods and other mobile devices, of which modern versions certainly qualify as full-blown computers with communication capabilities that were still seen as somewhat futuristic around the turn of the century. So perhaps it’s not surprising that airlines continue to extend bans and restrictions to more or less anything that could be described as electronic. Better safe than splattered, I suppose, however unlikely it is that any dire consequences might ensure. I certainly know people who have found that their phone or iPod had switched itself back on during a flight without any impact (so to speak) on their safe travel and arrival. No statistics seem to be available on how many successful pocket calls have been made from 30,000 feet.
In 2002 I wrote:
Furbys were recently banned in ‘spy centres’ because they’re believed to be a possible source of information leakage. Apparently security chiefs believed that they learned phrases spoken around them and that they might therefore repeat secret information, making them a security risk. My daughter and I have spent many happy hours trying to persuade her furby to say “My hovercraft is full of eels”, preferably in a *Ukrainian accent, but have so far failed miserably. Neither the accompanying instruction manual nor www.furby.com seem to be aware of this splendid ability, but perhaps it’s undocumented, like the opcode which is supposed to enable a malicious hacker to burn out a Pentium motherboard.
*I suppose that should have been a Hungarian accent. Maybe that’s where we went wrong.
This particular ban seems to have been based on the widely-held belief that Furby’s learn to speak English rather than their ‘native’ Furbish (yes, I know…) in much the same way that humans are assumed to learn, by repeating what is said to them. Which may or may not be what Tiger Electronics initially wanted its young customers to believe: in any case, the product description for the Furby Boom still tells them to ‘Talk to your Furby and interact with it to teach it English and shape its personality’.
However, when the story broke, its executives went out of their way to point out that Furbys had no recording mechanism. As for the learning process, it appears that the ‘learning mechanism’ and repetition of speech was based on reinforcement of uttering pre-programmed phrases, not learning through mimicry. Apparently, petting the toy when it spoke encouraged it to repeat the phrase more often, but the only thing it was learning was the listening preferences of its owner. It is apparently designed to introduce more pre-programmed English phrases over time in order to reinforce the false impression that it is actually learning English. In any case, it appears that the NSA rescinded its ban. I’m not sure if it carried out any investigation into the reading ability and gullibility levels of its own executives, or into whether NSA-employed Furby owners were offered alternative stress alleviation strategies.
So what about the ‘hacking’ aspect? Mostly, this is concerned with hacking in its old-fashioned, non-pejorative/non-malicious sense, in particular with manipulating the toy’s audio and sensory inputs for circuit bending, specifically (in this case) to generate audio effects. However, an article from December 2013 by Michael Coppola – Reverse Engineering a Furby – demonstrates a wider interest, specifically in the inter-device protocol used by recent models, and pointed to earlier research on the events it understands.
In spite of Coppola’s invocation of the dreaded #badBIOS, inspired by the use of an audio protocol that encodes data into bursts of high-pitch frequencies for communication between the Furby and an iOS mobile app (or with other Furbys) that brings to mind Dragos Ruiu’s claims – not universally accepted – of the existence of malware that (among other things) communicates between infected devices using ultrahigh speaker frequencies, I’m not seeing a malware-friendly supertool here, though the articles concerned are actually fascinating, in a nerdish sort of way. However, that didn’t stop Coppola’s research being cited as having discovered ‘ vulnerabilities in the way the toy communicates with other Furby toys and its mobile app’ in an article sensationally entitled Valasek: Today’s Furby Bug is Tomorrow’s SCADA Vulnerability.
I wasn’t at the Security of Things event where Valasek talked about Coppola’s work, of course, but what he actually said turns out to be a little less sensational.
‘…low-impact research cannot be dismissed either. Not every IOT vulnerability is going to be high impact. You have to judge how technology that might be vulnerable today will be used in the future.’
Nor was I at the events in 2014 where Coppola apparently talked about a ‘delicious 0-day’, but I presume that it was interesting but, as Valasek puts it, low impact. A lot of effort involving various highly corrosive acids and an electronic microscope doesn’t seem to have uncovered all of Furby’s furry little secrets. Moving from what may be known to the next big thing in SCADA hype may be premature, even if it does result in another Establishment panic attack at some point.
My daughter moved on from Furby and Tamagotchi quite a few years ago, but if I found one of my grandchildren with one, I don’t think I’d be ripping it out of his or her hands and looking for the nearest junkyard with a car crusher just yet. And while I’m not about to underplay the risks to national infrastructure, it’s all too easy for speculation to spill over into fantasy.
1The mythological basis of the Dante films is quite interesting in itself: the cuddly Mogwai share a name with demons that have a great deal in common behaviourally with the vengeful spirits of Chinese tradition. Even their methods of reproduction and mutation bear some resemblance. The name Gremlin seems to have originated in RAF slang of the 1920s (or possibly earlier), used to describe creatures deemed responsible for ‘inexplicable’ mechanical failures, the term passing into wider currency through a book by Roald Dahl.Submitted in: David Harley |