The Barbie doll seems to be among the most benign toys on the planet. One of its new incarnations is not. The Hello Barbie, made by Mattel Inc. (NYSE: MAT), could be the target of hackers.
Barbie first appeared in 1959. Since then, Mattel has sold tens of millions of the dolls in dozens of incarnations, ranging from ones that can talk to ones which eat Oreos. Very modern technology allowed Mattel to create a Barbie with advanced voice recognition. The Hello Barbie toy has a microphone and speaker in its necklace and power button on its belt. Mattel says the doll cannot be used without parental approval. It comes with an app that allows conversation via Wi-Fi. It is this Wi-Fi application that makes Hello Barbie a target for malicious hackers.
Wi-Fi security expert Andrew Blaich wrote at tech site BlueBox:
For any connected device, strong security must take into account not just the device itself, but the full scope of apps and infrastructure associated with it. Along with independent security researcher Andrew Hay, Bluebox Labs has examined the security of the mobile components of Hello Barbie. This joint research covers the mobile app, both iOS and Android versions, developed by Mattel partner ToyTalk as well as communications between the app and cloud-based servers.
We discovered several issues with the Hello Barbie app including:
It utilizes an authentication credential that can be re-used by attackers
It connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name
It shipped with unused code that serves no function but increases the overall attack surface
On the server side, we also discovered:Client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers.
The ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack
Barbie has become a sort of dangerous, portable, crude smartphone device priced at $79.44, its innocence destroyed.
The #1 Thing to Do Before You Claim Social Security (Sponsor)
Choosing the right (or wrong) time to claim Social Security can dramatically change your retirement. So, before making one of the biggest decisions of your financial life, it’s a smart idea to get an extra set of eyes on your complete financial situation.
A financial advisor can help you decide the right Social Security option for you and your family. Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to three financial advisors who serve your area, and you can interview your advisor matches at no cost to decide which one is right for you.
Click here to match with up to 3 financial pros who would be excited to help you optimize your Social Security outcomes.
Have questions about retirement or personal finance? Email us at [email protected]!
By emailing your questions to 24/7 Wall St., you agree to have them published anonymously on a673b.bigscoots-temp.com.
By submitting your story, you understand and agree that we may use your story, or versions of it, in all media and platforms, including via third parties.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.