37
ISSUES: Privacy
Chapter 3: The Internet of Things
Hackers can hijackWiFi Hello Barbie to spy
on your children
Security researcher warns hackers could steal personal information and turn the
microphone of the doll into a surveillance device.
By Samuel Gibbs
M
attel’s latest WiFi-enabled
Barbie doll can easily be
hacked to turn it into
a surveillance device for spying
on children and listening into
conversations without the owner’s
knowledge.
The Hello Barbie doll is billed as the
world’s first “interactive doll” capable
of listening to a child and responding
via voice, in a similar way to Apple’s Siri,
Google’s Now and Microsoft’s Cortana.
It’s just a matter of time until we are
able to have her say anythingwewant
Matt Jakubowski
It connects to the Internet via WiFi
and has a microphone to record
children and send that information off
to third-parties for processing before
responding with natural language
responses.
But US security researcher Matt
Jakubowski discovered that when
connected to Wi-Fi the doll was
vulnerable
to
hacking,
allowing
him easy access to the doll’s system
information,
account
information,
stored audio files and direct access to
the microphone.
Jakubowski told NBC: “You can take
that information and find out a person’s
house or business. It’s just a matter of
time until we are able to replace their
servers with ours and have her say
anything we want.”
Once Jakubowski took control of
where the data was sent the snooping
possibilities were apparent. The doll
only listens in on a conversation when
a button is pressed and the recorded
audio is encrypted before being sent
over the Internet, but once a hacker has
control of the doll the privacy features
could be overridden.
It was the ease with which the doll
was compromise, that was most
concerning. The information stored by
the doll could allowhackers to take over
a home WiFi network and from there
gain access to other internet connected
devices, steal personal information and
cause other problems for the owners,
potentially without their knowledge.
This isn’t the first time that Hello
Barbie has been placed under the
privacy spotlight. On its release in
March privacy campaigners warned
that a child’s intimate conversations
with their doll were being recorded
and analysed and that it should not go
on sale.
With a Hello Barbie in the hands of a
child and carried everywhere they
and their parents go, it could be the
ultimate in audio surveillance device
for miscreant hackers.
ToyTalk’s chief executive Oren Jacob
said: “An enthusiastic researcher has
reported finding some device data
and called that a hack. While the path
that researcher used to find that data
is not obvious and not user-friendly,
it is important to note that all that
information was already directly
available to Hello Barbie customers
through the Hello Barbie Companion
App. No user data, no Barbie content,
and no major security nor privacy
protections has been compromised to
our knowledge.”
Mattel, the manufacturers of Hello
Barbie, did not respond to requests for
comment.
26 November 2015
Ö
Ö
The
above
information
is
reprinted with kind permission
from
The Guardian
. Please visit
for further
information.
© 2017 Guardian News and
Media Limited
