DEF CON 2018: Dissecting the Teddy Ruxpin - Reverse Engineering the Smart Bear
The Teddy Ruxpin is an iconic toy from the 1980's in the form of an animatronic teddy bear that reads stories from cassette tapes to children.
In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application.
“Teddy Ruxpin is a ‘smart bear’ originally released in the 1980s but recreated with new features and re-released last year,” said Zenofex, the Research Scientist leading the DEF CON session on the subject.
“The new version of the bear is built for children to read along with a mobile application and features LCD displays for each eye, allowing for animations to be played based on the story being read. Like the previous iteration, the bear also features a moving mouth and speakers which are synchronized together to simulate speech.”
While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to the bear in a proprietary format.
“At DEF CON 26, I will present my research on how the Teddy Ruxpin hardware is utilized to allow for it to read and display content to users through the bear’s LCD eyes, speakers, and synchronized mouth,” Zenofex explained.
“I will also examine Teddy Ruxpin’s storybook format and Bluetooth connectivity used to provide interaction between itself and mobile devices. The presentation will then end with a demo showcasing the bear outputting and displaying custom created content.”
This DEF CON presentation aims to show how the new Teddy Ruxpin was reverse engineered down to a very low level in order to create new content. Zenofex will reveal the inner workings of the hardware and software within the bear and document the process used to reverse engineer it.
He will then examine the communication between the mobile application and Teddy Ruxpin, as well as the custom structure of the digital books read by the bear.
Zenofex will end the presentation by releasing a toolset that allows users to create their own stories, followed by a demo showcasing the Teddy Ruxpin greeting the DEFCON audience.
Session: Friday at 13:00 in 101 Track, Flamingo
Presenter: Zenofex (@Zenofex) is a Senior Research Scientist at Cylance. Zenofex founded the Exploitee.rs which is a public research group that has released exploits for over 65 devices, including the Amazon FireTV, Roku Media Player and the Google Chromecast. Zenofex is also a member of Austin Hackers (AHA) and has spoken at a number of security conferences, including BlackHat and DEF CON.