Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


If you can read this message, please contact us immediately at the following email address:

We'd like to communicate.


Smart toy vulnerabilities could provide a way for hackers to watch and talk to children

Smart toy vulnerabilities could provide a way for hackers to watch and talk to children

Intenet-enabled toys such as Hello Barbie present scary security risks but solutions are being developed to reduce them

By Thomas Macaulay | Feb 17, 2017  from Techworld

Barbie has gone through more reinventions than Madonna in her 57 ageless years, but her latest reincarnation could be her most revolutionary yet. The internet of things has entered the playroom, and it’s added a layer of intelligence to Mattel’s signature fashion doll, which can now record what children say and give personalised replies by feeding data to the cloud and analysing their play habits.

It all sounded like fun and games until reports emerged last September that Hello Barbie might not be as innocent as she seemed. Security vulnerabilities in the Wi-Fi enabled doll opened a route to turn it into a surveillance device by joining the connected home network.

barbie istock ekaterina minaeva
Image: iStock/Ekaterina Minaeva

Security researcher Matt Jakubowski told NBC Chicago he had accessed the toy’s operating system to gain system information, the Wi-FI network names and account IDs it connects to and the audio it records. He claimed he could use that information to find the house it was kept in and then access the home network.

"We're still struggling to have a security kind of mindset when we develop software and products," Gartner analyst Ruggero Contu tells Techworld.

"There is a need — particularly in the world of digital business and IoT — that security processes and best practices in technology are embedded into the development stage, and at the moment I don't think it's the case."

Barbie isn’t the only example of an insecure Mattel smart toy. Its subsidiary Fisher-Price produces an interactive stuffed animal with verification limitations unearthed by researchers at Boston security company Rapid7 that could give out personal details about a child.

Other manufacturers have faced similar criticisms. The toymaker VTech admitted that information about more than six million children had been stolen by hackers in November 2015 by accessing its devices, including children's photos and addresses.

Legal action

The spate of vulnerabilities exposed led a trio of consumer watchdogs in the USA to file a complaint last December alleging that some toy manufacturers collected and used personal information including children’s voices and provided a way for strangers to listen in on their conversations.

The submission claims they violate the Children's Online Privacy Protection Act (COPPA), which requires companies to gain parental consent for any personal information obtained online from children under age of 13.

Mattel told Techworld that it was committed to safety and security when bringing new products to market.

"Mattel and its partners take a number of steps to ensure all of our products conform with applicable laws and standards, including the Children's Online Privacy Protection Act," the company said in a statement.

read more:

"We are shaped by our thoughts; we become what we think. When the mind is pure, joy follows like a shadow that never leaves."

Sign In or Register to comment.