A remote control toy featuring a character from the new “Star Wars” movie has been found to have a software vulnerability that could allow hackers to take control of the device.
The Register reports that security research company Pen Test Partners discovered a vulnerability in the update process that links the BB-8 toy to the Android app that pairs with the device.
BB-8 is a character from the new “Star Wars” movie, and technology company Sphero released a remote control toy that lets people control the spinning ball character via a smartphone.
The toy became a hit, and has even been called a “must-have” gift for Christmas.
Pen Test Partners looked into the software that powers the toy and found that updates are sent unencrypted over the internet. That means that, in theory, a hacker could install their own update on the toy.
There’s little chance of a hack on the toy actually happening, but the flaw is there. The research company says that there’s the possibility it could modify the toy to move around on its own, or play different sounds.
The company that makes the toy, Sphero, has promised to update the Android software in the future, meaning that devices kept up to date can’t be hacked.