Hello, Barbie. Can we talk? Security researchers are worried about your safety.
New data released Friday by security firm Bluebox reveals even more vulnerabilities in Hello Barbie, the $75 Internet-connected doll from Mattel. Researchers found the application and the cloud server that connect the doll to the Internet could allow attackers to cut through security protections and access recordings of children’s conversations with Barbie. That’s probably enough to put Barbie on the naughty list this holiday.
Friday’s revelation about the iconic doll follows a related problem made public last week by a different researcher, Matt Jakubowski. The researcher said he’d discovered a flaw that could allow hackers to pinpoint home addresses of doll owners.
Barbie isn’t the only toy having difficulty safely connecting to the Internet. Last month, hackers stole account information of more than 6.4 million children who used Learning Lodge, an Internet-connected toy made by VTech. The company has since hired a high-profile cybersecurity incident response team to help deal with the aftermath.
As parents gear up to purchase these and other Internet-connected toys for the holidays, Mattel and software maker ToyTalk are racing to patch the problems to make Hello Barbie secure.
ToyTalk has fixed some of the flaws in the software it built for Hello Barbie and is working its way through the others. The company also set up a “bug bounty” program about two weeks ago to streamline reporting from any other researchers looking into the doll’s software.
Despite the recent flurry of software patches for Hello Barbie, ToyTalk executive Martin Reddy said the company built in security features from the very beginning and had a cybersecurity company audit the toy before taking it to market.
“Security has been a major focus throughout the entire process, and I think we’ve done a very good job of it,” Reddy said. “I’m very proud of the [doll.]”
A Trojan horse of a different sort
The way Barbie works seems magical at first glance. Children talk with Barbie, and her necklace lights up to show she’s listening. Then, she talks back. Behind the scenes, the doll wirelessly talks to a companion app and ToyTalk’s service on the Internet.
A hack on the doll’s software could have wide-ranging consequences. Once Jakubowski opened up one Hello Barbie doll and hacked it, the toy became a gateway for him to send signals wirelessly to other Hello Barbies connected to the Internet. Meanwhile, the Bluebox researchers have found flaws in the companion app, as well as ToyTalk’s website account service.
Hackers could “potentially take the voice recordings and…reconstruct it as the child recorded it. Or, as the 36-year-old security researcher recorded it,” said Andrew Hay, who helped Bluebox research the doll.
The good news is that the flaws are apparently easy to fix, and so far there aren’t any indications that any hackers have actually used them on real-life children at play. All told, the flaws were not exactly direct paths to Hello Barbie’s beating heart.
What’s more, not all Internet-connected dolls are made similarly. For example, the My Friend Cayla doll also talks with children, but she doesn’t record conversations or send recordings to the cloud like Barbie does. Tim Medin, a security researcher at Counter Hack, attempted to hack Cayla in January and came up with a few flaws that required hackers to get physical access to the doll or at least get very close.
In the process, he made Cayla respond to him with some foul comments, which did get some negative attention for the doll. But unlike with Hello Barbie, researchers needed physical access to Cayla, and the doll wasn’t susceptible to attacks over the Internet.
“Cayla was basically the subject of a tech prank,” said Peter Magalhaes, general manager of Cayla manufacturer Genesis.
For Barbie, not so much.
Article source: http://cnet.com.feedsportal.com/c/34938/f/645093/s/4bff756c/sc/28/l/0L0Scnet0N0Cnews0Chello0Eheadaches0Ebarbie0Eof0Ethe0Einternet0Eage0Ehas0Eeven0Emore0Esecurity0Eflaws0C0Tftag0FCAD590Aa51e/story01.htm