Friday, October 28, 2016

No concept of security for the Internet of Things - Love2learn Elmo

They are calling this 'low energy bluetooth' but it scans as Classic.  It has a huge range.  I didn't give this a good review because the bluetooth is always on, and always discoverable.  They should have put in a button to turn the bluetooth off.  Here is their response after I wrote to them.

Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response. If this issue is not resolved to your satisfaction, you may reopen it within the next 90 days. Thank you for allowing us to be of service to you.
To access your question from our support site, click here
Bluetooth security for Love2learn App

Response By Email (Kassandra) (10/28/2016 12:36 PM)
Hi Harold,

Thank you for your patience. The Love2Learn Elmo connected experience is designed with privacy in mind, and is certified by Entertainment Software Rating Board ("ESRB")  for compliance with applicable laws. Visit the ESRB web site for more information:

Elmo has a private mode that can be set by the user's App in a public place. When in this mode, the toy will not mention the child’s personal information. Also, personal information is limited to the name of the child and their favorite colors, animals, etc. This information can only be accessed by a guardian as it requires a password and the doll can only be accessed via the Bluetooth smart connection feature of their personal device, which would be a low energy connection.

I hope this information was helpful! Have a great weekend!


Response By Email (Laure) (10/25/2016 10:20 AM)
Hi Harold,

Thank you for contacting Hasbro.

I'm pleased to reply.  I will check with our team and get back to you as soon as possible with more information on this matter.

Again, I'd like to thank you for taking the time to reach out to us.

I hope you have a fun day!

Kind regards,
Customer By CSS Web (Harold Asmis) (10/24/2016 04:38 PM)
I am reviewing love2learn Elmo for Amazon. Please give a security note regarding the bluetooth connection. I have scanned and found it is classic bluetooth, probably at 100 feet. I am concerned about hijacking in public venues. Please outline security measures. Many thanks.

Perhaps people don't really care that much, but it would be fun to turn it into "Hellmo The Potty-Mouth Demon"  :)

No comments: