Well, this is pretty creepy. Did you know there is a Hello Barbie doll that listens to what children say and responds to them with voice recognition via the Internet? Well, there is, and a report has found a security flaw in the doll that means hackers could have quite easily gained access to the voice recordings.
According to researchers from security firm Bluebox Labs and independent researcher Andrew Hay, it is possible that hackers could intercept encrypted data, such as children's recordings, that the toy, made by Mattel and ToyTalk, sent to its host servers over the Internet via Wi-Fi. It should be noted that there were no actual reports of this occurring; the research simply outlined that this was a possibility.
"As more and more stuff is connected to the network and we're sending more stuff to servers that we don't know where they may be located and what sort of security is on them, the best advice for parents is to be careful and be aware of what information they're sending through internet connected devices," Andrew Blaich, a researcher at Bluebox Labs, told Motherboard. "Once the information is out of your control you don't know what's going to happen with it next."
The researchers published a report last week detailing the security flaw in the toy. It alleges that ToyTalk used outdated encryption technology that was known to be vulnerable to a well-known attack, known as a POODLE attack. It involves downgrading the toy's software to make it accessible, allowing any voice recorded on it to be listened to.
ToyTalk says it has now patched the problem. In a statement to Gizmodo it said: "We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie. We are grateful that they informed us of relevant security vulnerabilities, which have been addressed."
The report does serve to highlight, though, that as more and more products use Internet connectivity (yes, the dreaded overused term "Internet of Things"), security needs to be taken seriously.
Read more: www.iflscience.com