Your Barbie Could Be Spying On You

Jonathan O'Callaghan

Senior Staff Writer

Published

18 Your Barbie Could Be Spying On You — The doll in question. Mike Licht, NotionsCapital.com, CC BY 2.0

Well, this is pretty creepy. Did you know there is a Hello Barbie doll that listens to what children say and responds to them with voice recognition via the Internet? Well, there is – and a report has found a security flaw in the doll that means hackers could have quite easily gained access to the voice recordings.

According to researchers from security firm Bluebox Labs and independent researcher Andrew Hay, it is possible that hackers could intercept encrypted data that the toy, made by Mattel and ToyTalk, sent to its host servers over Internet via Wi-Fi, such as children’s recordings. It should be noted that there were no actual reports of this occurring – the research simply outlined this was a possibility.

“As more and more stuff is connected to the network and we’re sending more stuff to servers that we don’t know where they may be located and what sort of security is on them, the best advice for parents is to be careful and be aware of what information they’re sending through internet connected devices,” Andrew Blaich, a researcher at Bluebox Labs, told Motherboard. “Once the information is out of your control you don’t know what’s going to happen with it next.”

The researchers published a report last week detailing the security flaw in the toy. It alleges that ToyTalk used outdated encryption technology that was known to be vulnerable to a well-known attack, known as a POODLE attack. It involves downgrading the toy's software to make it accessible, allowing any voice recorded on it to be listened to.

ToyTalk say they have now patched the problem. In a statement to Gizmodo it said: “We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie. We are grateful that they informed us of relevant security vulnerabilities, which have been addressed.”

The report does serve to highlight, though, that as more and more products use Internet connectivity – yes, the dreaded overused term “Internet of things” – security needs to be taken seriously.

^{Main image credit: Mike Licht, NotionsCapital.com, CC BY 2.0}

Technology

Wi-Fi,
Hello Barbie,
hack,
toy,
doll,
security flaw

Your Barbie Could Be Spying On You

Australian Firm Obtains Mammoth DNA Sequence, Makes Mammoth Meatballs

Does Everyone Have An Imagination? Find Out In Issue 9 Of CURIOUS – Out Now

Twitter Is Likely Worth Half What Elon Musk Paid For It, According To Elon Musk Memo

WHO Announces 8 More Cases Of Highly Fatal Marburg Virus Disease

The Only Treatment For Rabies Involves Doctors Almost Killing You

World’s Most Venomous Octopus Bites Woman Multiple Times, And She Survives

People Are Less Satisfied With Their Marriage If Their Partner Has Social Anhedonia

A Colossal Ecosystem Teeming With Life Is Below Earth's Surface

Galaxy Gets Reclassified Now Its Supermassive Black Hole Is Shooting Straight At Us

This Small, Vibrating Bracelet Might Change Your Life

Don't Travel Without These CES-Featured Translation Earbuds

Stay Warm in a Blackout with this CES-Featured Power Station

Listen To The Sounds Of Ancient Languages Being Spoken, From Egyptian To Aztec

People Just Tested The Cold War's Weirdest Weapon Idea In The Desert

How To Take Award-Winning Photos Of Space