Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Flycatcher Toys smART Sketcher Missing Authentication Vulnerability in Bluetooth Low Energy Interface
Vulnerability
A vulnerability exists in the Flycatcher Toys smART Sketcher Bluetooth-enabled drawing device, specifically in versions up to 2.0. The issue arises from the Bluetooth Low Energy (BLE) interface, which lacks proper authentication. This flaw allows an unauthenticated attacker within local network range to connect to the device, upload arbitrary images that are immediately displayed, and control device functions without user knowledge or authorization. The vulnerability is particularly concerning as it could enable the display of inappropriate content to children using the device.
Impact
Exploitation of this vulnerability allows for unauthorized control of the device, including the ability to upload and display images, potentially leading to the exposure of inappropriate content to children.
Reproduction
The vulnerability can be reproduced by connecting to the smART Sketcher device via Bluetooth Low Energy without any form of authentication. Once connected, arbitrary images can be uploaded to the device, which will display them immediately.
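As an added illustration of the missing check and its mitigation (not Flycatcher's firmware and not code from this advisory), the C model below contrasts a BLE write handler that ignores link security with one that rejects writes on unauthenticated or unencrypted links. The `link_state` struct, the function names and the buffer size are hypothetical; the ATT error codes are the ones defined in the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ATT error codes from the Bluetooth Core Specification. */
#define ATT_OK                       0x00
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INVALID_ATTR_LEN     0x0D
#define ATT_ERR_INSUFFICIENT_ENC     0x0F

#define IMAGE_BUF_SIZE 64  /* hypothetical size of the display buffer */

/* Hypothetical per-connection security state kept by the BLE stack. */
struct link_state {
    bool authenticated;  /* peer paired with MITM protection (not Just Works) */
    bool encrypted;      /* link encryption is currently active */
};

static uint8_t image_buf[IMAGE_BUF_SIZE];
static size_t image_len;

/* Missing-authentication pattern: any connected peer can replace the image. */
uint8_t image_write_unchecked(const struct link_state *link,
                              const uint8_t *data, size_t len)
{
    (void)link;  /* security state is never consulted */
    if (len > IMAGE_BUF_SIZE)
        return ATT_ERR_INVALID_ATTR_LEN;
    memcpy(image_buf, data, len);
    image_len = len;
    return ATT_OK;
}

/* Hardened form: the write is refused before any data is copied unless the
 * peer completed an authenticated pairing and the link is encrypted. */
uint8_t image_write_checked(const struct link_state *link,
                            const uint8_t *data, size_t len)
{
    if (!link->authenticated)
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    if (!link->encrypted)
        return ATT_ERR_INSUFFICIENT_ENC;
    if (len > IMAGE_BUF_SIZE)
        return ATT_ERR_INVALID_ATTR_LEN;
    memcpy(image_buf, data, len);
    image_len = len;
    return ATT_OK;
}

size_t stored_image_len(void) { return image_len; }
```

An encrypted link on its own is not enough here: a Just Works pairing encrypts traffic but does not authenticate the peer, so the hardened handler still answers it with Insufficient Authentication.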
