Privacy advocates try to keep ‘creepy,’ ‘eavesdropping’ Hello Barbie from hitting shelves – The Washington Post
http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/
Posted from WordPress for Android
6 Comments
Tomi Engdahl says:
Mattel urged to scrap Wi-Fi mic Barbie after Register investigation
Won’t someone think of the children? asks pressure group
http://www.theregister.co.uk/2015/03/12/consumer_group_petitions_mattel_to_pull_wifi_enabled_barbie/
Privacy activists are urging Mattel to axe its Hello Barbie doll, which sends recordings of children’s voices across the internet for voice-recognition analysis.
The improbably proportioned doll is fitted with a small embedded computer, a microphone, a speaker and a Wi-Fi interface. When the toy’s belt buckle is pressed, Barbie asks a question, and records what the child answers. This reply is encoded and encrypted, and sent over the internet to servers to be processed by voice-recognition software.
That software then sends back a command to the doll to playback a reply stored in the toy. Barbie is programmed with various questions, jokes and quips, which are picked by the backend software in response to whatever the kid wants to talk about.
This is supposed to convince youngsters that Barbie is a kind and thoughtful miniature friend. Meanwhile, the backend systems can email reports to parents on what their tykes are nattering about.
“Computer algorithms can’t replace — and should not displace—the nuanced responsiveness of caring people interacting with one another,” said pediatrician and CCFC Board member Dr Dipesh Navsaria, assistant professor at the University of Wisconsin School of Medicine and Public Health.
“All of ToyTalk’s products in market have been designed to meet or exceed the Children’s Online Privacy Protection Act (COPPA) and have also been independently verified as such by KidSAFE+,” Oren Jacob, CEO of ToyTalk, told The Register today.
“While the underlying technology of our products works much like Siri, Google Now, and Cortana, ToyTalk products never search the open web for answers. Responses are carefully crafted by our own writing team, and conversations recorded through our products are never used to advertise or market to children or anyone.
Tomi Engdahl says:
“Hello Barbie” Under the Knife
http://hackaday.com/2015/11/24/hello-barbie-records-your-children/
In February, Google and Mattel introduced their Hello Barbie Internet-connected toy. This Barbie has an internal microphone, a WiFi connection to Google’s voice recognition services, and a speaker to carry on a “conversation” with the targeted child.
Like the folks at Somerset Recon, we’d say that this is an Internet of Things (IoT) device that’s just begging for a teardown, and we’re totally looking forward to their next installment when they pore through the firmware.
On the hardware front, Barbie looks exactly like what you’d expect on the inside. A Marvell 88MW300 WiFi SoC talks to a 24-bit (!) audio codec chip, and runs code from a 16Mbit flash ROM. There’s some battery management, and what totally looks like a JTAG port. There’s not much else, because all the brains are “in the cloud” as you kids say these days.
Hello Barbie Security: Part 1 – Teardown
http://www.somersetrecon.com/blog/2015/11/20/hello-barbie-security-part-1-teardown
Tomi Engdahl says:
Hello Barbie controversy re-ignited with insecurity claims
Doll leaks data, even before the tear-downs are finished
http://www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/
Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy.
After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy.
That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”.
While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account.
From ToyTalk’s point of view – and Vulture South’s – that still looks like an unlikely scenario: is it worth staging a user-by-user attack against a child’s doll?
However, in the wake of the weekend’s breach of toymaker VTech, the question of children’s privacy is now on a few million minds.
Troy Hunt (of HaveIbeenpwned fame) writes about the VTech breach here, and some of his concerns regarding VTech are relevant to Hello Barbie: is it a good idea to extend children’s digital footprints to links between physical and digital assets, when they’re too young to understand notions of consent?
The other obvious question is how long Hello Barbie’s remaining security can last.
Tomi Engdahl says:
Hackers can hijack Wi-Fi Hello Barbie to spy on your children
http://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children
Security researcher warns hackers could steal personal information and turn the microphone of the doll into a surveillance device
Mattel’s latest Wi-Fi enabled Barbie doll can easily be hacked to turn it into a surveillance device for spying on children and listening into conversations without the owner’s knowledge.
The Hello Barbie doll is billed as the world’s first “interactive doll” capable of listening to a child and responding via voice, in a similar way to Apple’s Siri, Google’s Now and Microsoft’s Cortana.
It connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before responding with natural language responses.
But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.
Jakubowski told NBC: “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”
Once Jakubowski took control of where the data was sent the snooping possibilities were apparent. The doll only listens in on a conversation when a button is pressed and the recorded audio is encrypted before being sent over the internet, but once a hacker has control of the doll the privacy features could be overridden.
It was the ease with which the doll was compromise that was most concerning. The information stored by the doll could allow hackers to take over a home Wi-Fi network and from there gain access to other internet connected devices, steal personal information and cause other problems for the owners, potentially without their knowledge.
With a Hello Barbie in the hands of a child and carried everywhere they and their parents go, it could be the ultimate in audio surveillance device for miscreant hackers.
ToyTalk’s chief executive Oren Jacob said: “An enthusiastic researcher has reported finding some device data and called that a hack.”
Mattel, the manufacturers of Hello Barbie, did not respond to requests for comment.
New Wi-Fi-Enabled Barbie Can Be Hacked, Researchers Say
http://www.nbcchicago.com/investigations/WEB-10p-pkg-Surveillance-Toy_Leitner_Chicago-353434911.html#ixzz3szkhUcYi
The world’s first interactive Barbie doll is raising concerns with privacy and security experts. NBC 5′s Investigative Reporter Tammy Leitner reports.
Tomi Engdahl says:
Andrea Peterson / Washington Post:
Experts found critical flaws in systems behind Internet-connected doll Hello Barbie, which responded to kids’ queries; ToyTalk has patched the major bugs
Hello (hackable) Barbie
https://www.washingtonpost.com/news/the-switch/wp/2015/12/04/hello-hackable-barbie/
Toys that talk back are some of the hottest holidays gifts this year. And they may soon be hot items for hackers.
Cybersecurity researchers uncovered a number of major security flaws in systems behind Hello Barbie, an Internet-connected doll that listens to children and uses artificial intelligence to respond. Vulnerabilities in the mobile app and cloud storage used by the doll could have allowed hackers to eavesdrop on even the most intimate of those play sessions, according to a report released Friday by Bluebox Security and independent security researcher Andrew Hay.
“We are aware of the Bluebox Security Report and are working closely with ToyTalk to ensure the safety and security of Hello Barbie,” said Mattel spokesperson Michelle Chidoni in an emailed statement.
But the news comes on the heels of a major breach at VTech, a Hong Kong-based seller of toys for toddlers and young children, which exposed profiles on more than 6 million children around the world. And Hello Barbie’s security issues are yet another sign that Internet-connected devices are making their way into children’s hands with problems that leave privacy at risk.
“It’s really important that if you want to use these connected toys, no matter if it’s a doll or a tablet, you be really careful about what information is being sent to and from the servers, and how it’s secured,” said Andrew Blaich, lead security analyst at Bluebox. “Once data is out of your control, that’s it — there’s no taking it back, essentially.”
Consumer advocates raised alarm bells about Hello Barbie before the security flaws were uncovered. In fact, even before Hello Barbie was released, they circulated a petition that called the doll “creepy.”
The doll’s talking features work by recording a child when he or she presses a button on its stomach and sends the audio file over the Internet to a server where it is processed. The doll then responds with one of thousands of prerecorded messages. Parents must consent to the doll’s terms of use and set it up via a mobile app.
But the researchers say that they discovered that the app contained a number of security problems, including that digital certificates, which are supposed to confirm the legitimacy of the connection between the doll and the app, used a “hardcoded” password
The researchers also say that the secure connection between the doll and the server was vulnerable to a highly publicized attack disclosed last year. Known as POODLE, it allows an attacker to trick servers to use a weak form of encryption one could easily crack after intercepting the data, Hay said. The company has now fixed this problem, Reddy said.
However, even with that caveat, experts say the doll’s security problems may open the companies up to action from the Federal Trade Commission, which cracks down on when companies violate their privacy promises, because consumers probably expect that reasonable measures include protecting against well-known security flaws such as POODLE.
Tomi Engdahl says:
“Hello Barbie” Not an IoT Nightmare After All
http://hackaday.com/2016/01/29/hello-barbie-not-an-iot-nightmare-after-all/
Security researchers can be a grim crowd. Everything, when looked at closely enough, is insecure at some level, and this leads to a lot of pessimism in the industry. So it’s a bit of a shock to see a security report that’s filled with neither doom nor gloom.
We’d previously covered Somerset Recon’s initial teardown of “Hello Barbie” and were waiting with bated breath for the firmware dump and some real reverse engineering. Well, it happened and basically everything looks alright (PDF report). The Somerset folks desoldered the chip, dumped the flash ROM, and when the IDA-dust settled, Mattel used firmware that’s similar to what everyone else uses to run Amazon cloud service agents, but aimed at the “toytalk.com” network instead. In short, it uses a tested and basically sound firmware.