Everything from your fridge to your light bulbs at home can have smart technology capabilities these days, so a smart version of a classic doll should not come as a surprise. However, producing Internet-connected toys makes it easier for hackers to intrude your home networks – risking the safety of your family.
Released late last year, Hello Barbie lets children “talk” to the toy through a cloud server system. As reported by the Wall Street Journal and other reputable sources, this could lead to a number of several security risks – with hackers being able to intercept the communications being one of them.
If a cybercriminal is able to hack into the toy’s connection, it would not take too long to get into the other devices or accounts linked to the home network the toy belongs to.
Mattel and ToyTalk, the main creators of Hello Barbie, have been releasing patches to the reported vulnerabilities. While some have been discovered as early as November of last year, the toy producers have been doing their part to fight against any security risks they pose.
On the other hand, Hello Barbie has experienced issues with their Android and iOS mobile apps. Hackers could theoretically modify the mobile app to reveal passwords and other sensitive information from an infected account.
The app could also instantly connect to unsecured networks with “Barbie” in their name – letting hackers steal data through spoof networks they set up.
If a cybercriminal can hack a toy’s connection, it would not take long to get the other devices linked to the home network.
An encryption flaw was also found on ToyTalk’s servers. Called POODLE, it allowed hackers to steal communication and related data. Additionally, an oversight in the systems could also allow cybercriminals to probe for more vulnerabilities in the system.
Bluebox, a company that offers mobile app security and analytics solutions, said these vulnerability points show the demand for “self-defending apps.” These apps would actively monitor potential attacks, defend against them, and ultimately prevent any hacking from taking place.
Although there is a low probability of any attack focusing on Hello Barbie – especially as most vulnerability points have been erased – it is still a risk a parent should not take.
Hello Barbie might not have caused any huge hacker attacks, but it is still better to err on the side of caution. Here are a few tips from Trend Micro’s security experts:
- Make sure to change the admin password when you get a new Internet-connected device.
- Regularly check for updates and patches for your products and software, and install them as soon as possible.
- Ensure apps, browsers, and programs are always updated
- Be vigilant against add-ons from 3rd party sources, only install updates from the original developers