Hello Barbie, Can We Talk About Your Security Issues?

by onkar
December 15, 2015
in Internet News, Technology

New security issues that surfaced last week in connection with Mattel’s Hello Barbie doll, which talks back to kids, have heightened fears that hackers could use the toy to steal information about its owners and their families.

The Hello Barbie app, which is available for iOS and Android, uses an authentication credential that can be reused by hackers, Bluebox disclosed.

It also connects a mobile device to any unsecured WiFi network whose name includes the word “Barbie,” the firm said. Further, it is shipped with unused code that serves no useful function but does increase the overall attack surface.
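A minimal model of the WiFi auto-join finding, added here as an illustration and not code from the Hello Barbie app, ToyTalk or Bluebox: the first function reproduces the reported name-match rule, the second shows one possible hardening. The `Barbie-<id>` SSID scheme, the per-device key and the challenge-response step are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    is_open: bool  # True when the network uses no encryption

def reported_should_join(net):
    # Behaviour as Bluebox reported it: any unsecured network whose
    # name includes the word "Barbie" is accepted.
    return net.is_open and "Barbie" in net.ssid

def device_proof(device_key, challenge):
    # HMAC-SHA256 over a fresh challenge proves possession of the key.
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

def hardened_should_join(net, device_id, device_key, respond):
    # Assumption: the setup SSID is bound to one doll ("Barbie-<id>") and the
    # app learned device_key out of band (e.g. a code shipped with the doll).
    if net.ssid != f"Barbie-{device_id}":
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so no replay
    return hmac.compare_digest(respond(challenge),
                               device_proof(device_key, challenge))

def evaluate():
    # Constructed sample data, not taken from the product.
    dev_id, key = "7F3A", b"constructed-per-device-key"
    genuine = lambda c: device_proof(key, c)
    impostor = lambda c: device_proof(b"guessed-key", c)
    cases = {
        "genuine doll": (Network("Barbie-7F3A", True), genuine),
        "lookalike name": (Network("Free Barbie WiFi", True), impostor),
        "cloned exact name": (Network("Barbie-7F3A", True), impostor),
    }
    # Each value is (reported rule accepts?, hardened rule accepts?)
    return {label: (reported_should_join(net),
                    hardened_should_join(net, dev_id, key, resp))
            for label, (net, resp) in cases.items()}

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(label, result)
```

The name-match rule accepts all three networks, while the hardened check accepts only the one that can prove possession of the device key.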

On the server side, hackers could use the client certificate authentication credentials outside the app to probe the Hello Barbie cloud servers, Bluebox discovered. Also, the server domain for ToyTalk, which provides the app and the technology that powers Hello Barbie, was on a cloud infrastructure susceptible to the Poodle attack.

“The fact the doll was shipped with such obvious security issues is just another indication of both companies’ blatant disregard for children’s well-being,” said Josh Golin, executive director of CCFC: Campaign for a Commercial-Free Childhood, which is running the “Hell No Barbie” campaign against the talking doll.

Fixing the Problem

“ToyTalk has patched the Poodle vulnerability on their servers, along with a few other minor issues that had minimal impact,” said Andrew Blaich, lead security analyst at Bluebox.

However, the credentials issue “is still being worked on,” he told TechNewsWorld. “ToyTalk has indicated it is an issue and will be investigating solutions, but in the meantime they have other layers of authentication that can make an attack a little harder.”

ToyTalk assumed a sophisticated hacker would discover the P12 certificate in the Hello Barbie app, noted company CTO Martin Reddy.

“We added client certificate authentication, above and beyond what most Internet-connected devices do, as a way to deter a casual attacker,” he told TechNewsWorld.

This attack is only possible during the brief period needed for users to connect the doll to their WiFi networks, Reddy said, and it won’t get anywhere because “even after circumventing this feature, the attacker gains no access to WiFi passwords, no access to child audio data, and cannot change what the doll says.”

Previous Attacks

Hackers previously have been able to take over and change Hello Barbie’s prerecorded responses, noted security researcher Matthew Jakubowski, who said he had hacked the doll’s OS and gathered system information, WiFi network names, its internal MAC address, account IDs, and the MP3 files used for prerecorded responses.

That information could be used to access the home WiFi network of the doll’s owner and everything Hello Barbie records, he said.

Mattel and ToyTalk “have taken numerous steps to ensure Hello Barbie meets security and safety protocols,” Mattel said in a statement provided to TechNewsWorld by company spokesperson Marissa Beck.

“In all claims we know about, no children’s audio files were accessed; no passwords were compromised; no personal information was disclosed; and no dolls were made to say anything unintended.”

However, parents reportedly can choose to have audio files of conversations their kids have with Hello Barbie stored on ToyTalk’s website. The parents can access the files after logging in — but if hackers were to figure out their passwords, they could access the files as well.

Not So Smart Toys

There are presently no industry standards governing Internet-connected toys, or the IoT in general.

“Trusting the companies to protect kids will not work,” CCFC’s Golin said. “We absolutely need policy solutions to ensure these devices are secure and don’t serve up ads.”

Parents “have no way of knowing if the toy they’re purchasing was securely designed and developed,” Kymberlee Price, Bugcrowd’s senior director of research operations, told TechNewsWorld. “Underestimating the threat … has put hundreds of thousands of children and millions of parents at risk of identity theft, fraud or worse.”

Source: TechNewsWorld
