This Teddy Ruxpin's been watching too much of a certain mid-'90s movie.
The animatronic teddy bear turned on with a pleasant tone, saying hi to its friends and getting ready for story time. Then its eyes changed to the Defcon logo, and it started screaming, "Hack the planet!"
An '80s sensation best known for telling stories to kids with a cassette tape, Teddy Ruxpin made its comeback last September, with an upgrade after 30 years. The original animatronic toy now has LCD eyes and a Bluetooth-connected app, through which you upload stories.
The children's plaything is supposed to only tell stories that are approved and uploaded, but Amir Etemadieh, a senior research scientist at security company Cylance, found he could get the fuzzy friend to say anything he wanted it to.
Wicked Cool Toys, the maker of Teddy Ruxpin, did not respond to a request for comment.
Etemadieh showed off his findings at Defcon, a massive hacker conference in Las Vegas, on Friday.
Teddy's Hackers-inspired monologue is just the latest instance of a connected toy struggling with security, even if this exploit was benign. Other toys with more serious problems have put the private information of children at risk. As the proliferation of connected devices -- everything from speakers to washing machines -- continues, hackers are finding ways to exploit homes or businesses with objects once deemed harmless.
So when Etemadieh stumbled across the new Teddy Ruxpin for his 1-year-old son, he had concerns.
He had every right to. He's spent the last decade taking apart internet-of-things devices and searching for vulnerabilities, spotting security issues and disclosing them to companies. Taking apart internet-connected toys was just the next step, he said.
"I don't feel comfortable introducing these to my family or my network without giving it a poke to see how secure it is," Etemadieh said in an interview prior to Defcon.
He got to work on Teddy Ruxpin to see if it was safe for his family. He didn't find any cause for concern with the toy's security, but he did find an interesting loophole that allowed him to upload image and audio files to the bear.
During his research, Etemadieh went through five Teddy Ruxpins -- one to completely break apart to see its hardware, one to tinker with the software, two backups, and one that his son couldn't let go of.
"My kid instantly saw it and was attached to it," he said. "He doesn't quite understand security research or the idea that this is dad's work."
The hack isn't as simple as just uploading the images, though.
Ruxpin's eyes display images, but they have to be formatted to 128 by 128 pixels to fit its 1.25-inch screen. The audio also has to be a specific format of .WAV file, he said.
Teddy Ruxpin only plays files in a custom SNX ROM format, so you'd then have to run the audio and image files through a converter that Etemadieh created.
Once that's ready, you have to plug in the Teddy Ruxpin and put those files on a storybook file that already exists on the teddy bear. Essentially, you're replacing the audio and images for an existing storybook with what you've uploaded, since you can't create a completely new storybook.
Etemadieh said he hasn't yet put any custom content on Teddy Ruxpin for his own kid -- it's too labor-intensive. While you're able to modify what the bear says and shows, in Teddy Ruxpin's original stories there's a lot of work that goes into the storytelling voice and facial expressions on cue.
His modifications are fine to show off for the crowd of hackers at Defcon, but not really something a kid would enjoy, he said.
"There's the novelty of making it say things you wouldn't expect a teddy bear to say," he said. "But the idea of making it tell a story is a pretty difficult thing to do."