Barbie is a lot more technologically advanced than she used to be. Now, a Barbie doll can listen to a child and respond using voice recognition.
According to security researchers, however, bugs in the Hello Barbie smartphone app mean that Barbie might not have been the only one listening — hackers could potentially listen in, too.
Privacy advocates have warned of the dangers of Hello Barbie since it was released earlier this year, especially given that recordings are sent over the Internet and stored in the cloud to be processed for voice recognition.
Bluebox Labs, working with independent researcher Andrew Hay, has detailed a number of security flaws in the system that could allow hackers to spy on children and the conversations that they have with the doll.
According to the report, hackers could have intercepted data sent from the doll to servers. Not only that, but the servers in question were vulnerable to an exploit that downgrades and breaks online encryption, meaning that hackers could effectively listen to the recordings.
"That meant that if someone was listening to the connection and the communication channel, they could force a downgrade of the connection to try to steal any of the conversations that are uploaded from the doll," said Andrew Blaich, a researcher at Bluebox, in an interview with Motherboard.
The app itself was also found to be vulnerable, meaning that hackers could replace it with a malicious one. Last but not least, the doll was programmed to connect to any network with the word "Barbie" in its name, which could allow hackers to intercept data.
Thankfully, ToyTalk, the company behind Hello Barbie, has quickly responded to the report, collaborating with researchers to fix the issues. Not only that, but the company has also started a bug bounty program, meaning that hackers working for good can report more bugs and make money doing so.
Despite this, it's still important to be careful with toys like Hello Barbie, especially in the wake of the VTech hack. While it's one thing for adults to have their personal information stolen, things are taken to a new level of creepy when hacks involve children.
Via: Motherboard