PDA

View Full Version : Hello Barbie is a blabbermouth, exposes children’s conversations to hackers



Wireless News
12-05-2015, 12:08 PM
http://l.yimg.com/bt/api/res/1.2/QE1F6aEujwY8wXlbhqqz.g--/YXBwaWQ9eW5ld3NfbGVnbztmaT1maWxsO2g9ODY7cT03NTt3PT EzMA--/http://media.zenfs.com/en-US/homerun/digital_trends_973/fdec2e5c91dbc865822b11beb7863f15 (http://news.yahoo.com/hello-barbie-blabbermouth-exposes-children-154336496.html)A high-tech Barbie is terrible at keeping secrets. Toymaker Mattell is finding this out the hard way after a security firm revealed that Hello Barbie, a version of the beloved doll that comes with Wi-Fi and speech recognition technology, is vulnerable to hacking. Hello Barbie, which sells for $74.99, uses Wi-Fi connectivity and speech recognition technology to give children an interactive toy that can “discuss anything,” according to Mattel. The problem is that ToyTalk, the company behind the modern technology in the doll, has vulnerable servers, which means children’s recorded conversations with Hello Barbie could potentially be accessed without permission. Related : A hacked toy can open garage doors Bluebox, the security firm that revealed the doll’s vulnerabilities, shares that the Hello Barbie app for iOS and Android has a number of flaws, including the use of an authentication credential that can be reused by attackers and useless code that “increases the overall attack surface.” “The ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack,” according to Bluebox. All this means that hackers could potentially access, listen to and reconstruct recordings of children’s conversations with Hello Barbie. “We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie,” ToyTalk CTO Matt Reddy told Gizmodo. “We are grateful that they informed us of relevant security vulnerabilities, which have been addressed.” This revelation came on the heels of a warning from another researcher who said he found a flaw that could allow hackers to discover the home addresses of Hello Barbie owners, according to CNET. The Hello Barbie news has likely gotten the attention of the FTC, according to a former director of the FTC’s Bureau of Consumer Protection. Vtech, an electronics manufacturer based in Hong Kong, is working through a similar issue of its own-as it responds to a security breach of its Learning Lodge app store database. That breach made personal information such as email addresses, passwords, and mailing addresses accessible. Also watch: Hate Selfie Sticks? Say Hello to the Selfie Mirror Please enable Javascript to watch this video



More... (http://news.yahoo.com/hello-barbie-blabbermouth-exposes-children-154336496.html)