“Once again, Mattel’s ‘Hello Barbie’ doll is in the news”.
David Emm, Principal Security Researcher at Kaspersky Lab said :
“The doll is interactive. It is equipped with a computer chip, a microphone, a speaker and it is also Wi-Fi-enabled. When a child presses Barbie’s belt-buckle, the doll asks a question and records the child’s answer. It is then encrypted and sent over the Internet to be processed by the voice-recognition software of Mattel’s technology partner, ToyTalk. The software then sends a command to Barbie to playback a reply stored in the doll, appropriate to whatever the child chooses to talk about.
“Concerns about the doll centre mainly around privacy – the fact that secrets entrusted to the doll by a child are shared with Mattel and its partners. There’s also the potential risk that such data might fall into the hands of hackers, if the security of Mattel or its partners are breached. This issue was highlighted a few days ago when children’s toy-maker VTech revealed that a compromise of its systems led to the theft of names, physical addresses, e-mail addresses, security questions and answers, and more data pf millions of families worldwide [link].
“Recently, security researcher Matt Jakubowski was able to extract Wi-Fi network name, internal MAC address, account IDs and MP3 files from the Hello Barbie doll [link]. This is enough to gain access to the Hello Barbie account and a home network – thereby compromising the wider security of any family of a child using the doll.
“We live in a connected world, where even our children’s toys could become the means for personal data being captured by attackers. It’s really important that, when considering such toys this Christmas, parents look beyond the fun aspect of a toy and consider the impact it might have on their child and the wider family.”
[su_box title=”About David Emm” style=”noise” box_color=”#336588″]
David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon’s Software, and Systems Engineer and Product Manager at McAfee. In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security. David is a knowledgeable advisor on all aspects of online security.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.