10/28/2016
Hello Barbie. The doll that REALLY listens - Security Through Education
by Social-Engineer.Org December 14, 2015
Hello Barbie. The doll that REALLY listens
It's nothing new that when we're on the Internet, somewhere, a small portion of our semi-personal or personal data is being cached. We're a society used to being watched in some form or another while online. And, sad to say, most people just accept this. However, what about when that steps over the line from collecting anonymous statistics about your normal browsing habits to invading the privacy of your home?
Take, for instance, your flat screen TV. Not too long ago, it was discovered that Samsung's smart TV line could be listening all the time: its own privacy policy warned that anything spoken in front of the set could be captured and sent to a third party by the voice recognition technology that lets users give verbal commands. Makes you all warm and fuzzy, doesn't it? It's not even just TVs anymore. As it turns out, for all the smart features of LG's Smart ThinQ fridge to work, the fridge must be connected to wireless. However, the Deputy Director of the CIA Directorate of Science and Technology recently told the Aspen Security Forum in Colorado that smart refrigerators have been used in distributed denial of service attacks, and claimed that at least one smart fridge played a role in a massive attack last year involving more than 100,000 Internet-connected devices and more than 750,000 spam emails. Imagine having a botnet of refrigerators attacking major infrastructure. Welcome to the Internet of Things.
Of course, those of us who are privacy advocates have been
aware of things like this for some time. But what really
moved us to write this article was something that was
released within the past few days.
When you think of it, what could be more harmless than a child's doll, especially those famous, totally out-of-proportion ones? Yes, I'm talking about Barbie. Well, the Mattel Company, which makes Barbie, has developed something called Hello Barbie. This is "the first fashion doll that can have a two-way conversation with children. It features speech recognition and progressive learning features that provide the child with an engaging and unique Barbie experience," and we're quoting directly from the FAQ on the Mattel site. It plays interactive games, tells jokes and inspires storytelling, it tailors its conversations based on play history, and it's only $74.99!!!
But there are some alarming features and requirements of this particular doll that should raise some massive concerns. Hello Barbie's two-way communication does not work when it's not connected to the Internet. The doll must be connected via Wi-Fi to have a conversation with the child. But Mattel tries to put parents at ease with a specific section in the FAQ that talks about what parents need to know about this product. First, the company says that Hello Barbie is not always on: Hello Barbie is only active when her belt buckle is pressed. The next point shows a glimpse of the capabilities, which aren't explained in much detail. All recorded conversations are stored online, "securely on (their cloud) server infrastructure," and parents have the power to listen to, SHARE, and/or delete stored recordings at any time.
But as you can imagine, somebody looked into the security of the technology a little deeper. A security researcher by the name of Matt Jakubowski found that there are flaws and insecurities in the doll itself as well as in how the information is stored and transferred. What is this two-way conversation with Hello Barbie based on again? It requires the use of Wi-Fi and an Internet connection, and hence it is as susceptible to attackers as anything else on your home network.
The question arises: why does the doll itself need a constant connection to the Internet when, according to its feature list, it is preprogrammed with more than 8,000 lines of dialogue and 20 interactive games? Still, it requires a connection to a cloud-based service that is used for voice recognition and information storage. This means that everything heard is transmitted via the Internet to the cloud-based system, after which the response is generated and sent back to the doll. Now granted, Mattel does state that it uses encryption and "commercially reasonable and appropriate measures" to protect customer data, and that "the security and privacy of Hello Barbie has been certified as in compliance with COPPA" (the Children's Online Privacy Protection Act). However, this is NOT the problem.

The vulnerability does not specifically originate with a flawed communication method or an exploitable piece of code (at least not yet). The doll itself raises privacy concerns. The actual security/privacy of the doll is only as strong as the Wi-Fi networks it connects to. Now even though Jakubowski has not released specific findings or details on the exact method of his hacks, we can speculate on the possibilities, because the practice of hijacking wireless has been around for some time.
A wireless access point can be cloned (often called an evil twin) to get users to unwittingly connect to the evil AP. First, information is gathered about the wireless access point to be targeted: its network name (SSID), its hardware address (BSSID), its channel and its security type. Then, the users of the legitimate wireless network are disconnected using what's called a de-authentication attack, in which the attacker sends a burst of spoofed deauth frames that appear to come from the real access point. Then all that's needed is for the evil twin access point, now cloned as the target access point, to have a stronger signal than the original, and the client will connect to it. Once this is done, all traffic through the network can be captured or sniffed, including any data that the Hello Barbie would relay back to the cloud-based voice recognition servers. One caveat worth stating: if the doll's link to the cloud is encrypted with properly validated TLS, as Mattel's statement about encryption implies, an evil twin sees only which servers the doll talks to, how much and when; the content of the recordings is exposed only if that validation is missing or can be downgraded. Also, according to Jakubowski, once he connected to Hello Barbie's Wi-Fi network, he had easy access to the doll's system information, account information, stored audio files and direct access to the microphone. Speculating on this statement leads us to believe that the doll itself does have some serious security flaws, as does its connection to and from the cloud-based servers. For that, we will have to wait and see.
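The evil twin sequence just described, seen from the defender's side, as an added example that is not part of the original post and has nothing to do with Jakubowski's research: a small monitor that looks at 802.11 management frames for the two tell-tales of the attack, a deauthentication burst spoofing the real access point's BSSID followed by a second BSSID beaconing the same SSID, usually with weaker security so clients rejoin. The frames are constructed records rather than a real capture, and the rule that "the first BSSID to beacon an SSID is the legitimate one" is an assumption a real deployment would replace with a known-good list of your own access points.

```python
"""Spot an evil-twin attack in a stream of 802.11 management frames.

Tell-tales checked, in the order the attack runs:
  1. a deauthentication burst whose (spoofed) source is the real AP's BSSID,
  2. a second BSSID advertising the same SSID afterwards (the clone), often
     on the same channel and with security downgraded from WPA2 to OPEN.
All frames below are constructed records, not a real capture.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: int              # capture time in milliseconds
    subtype: str         # "beacon" or "deauth"
    bssid: str           # beacon: BSSID of the AP; deauth: claimed source
    ssid: str = ""       # beacons only
    channel: int = 0     # beacons only
    security: str = ""   # beacons only: "WPA2" or "OPEN"
    dst: str = ""        # deauth only: target station or broadcast


def first_beacon_per_bssid(frames):
    """SSID -> {BSSID: (first_ts, channel, security)} built from beacons."""
    seen = defaultdict(dict)
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype == "beacon" and f.bssid not in seen[f.ssid]:
            seen[f.ssid][f.bssid] = (f.ts, f.channel, f.security)
    return seen


def ssid_collisions(frames):
    """SSIDs advertised by more than one BSSID, with each BSSID's profile."""
    return {s: aps for s, aps in first_beacon_per_bssid(frames).items()
            if len(aps) > 1}


def deauth_bursts(frames, window=1000, threshold=10):
    """Sources that sent >= threshold deauth frames inside any `window` ms.

    A sliding window over the sorted timestamps keeps this linear per source.
    Returns {source_bssid: peak_count_in_window}.
    """
    by_src = defaultdict(list)
    for f in frames:
        if f.subtype == "deauth":
            by_src[f.bssid].append(f.ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def evil_twin_alerts(frames, **burst_args):
    """One alert per (SSID, clone BSSID) pair.

    Assumption: the BSSID that beaconed the SSID first is the legitimate AP.
    Each alert records whether the clone sits on the same channel, whether
    it downgraded security, and how large a deauth burst spoofed the real AP.
    """
    bursts = deauth_bursts(frames, **burst_args)
    alerts = []
    for ssid, aps in ssid_collisions(frames).items():
        ordered = sorted(aps.items(), key=lambda kv: kv[1][0])
        legit_bssid, (_, legit_ch, legit_sec) = ordered[0]
        for rogue_bssid, (_, rogue_ch, rogue_sec) in ordered[1:]:
            alerts.append({
                "ssid": ssid,
                "legit_bssid": legit_bssid,
                "rogue_bssid": rogue_bssid,
                "same_channel": rogue_ch == legit_ch,
                "downgraded": legit_sec != "OPEN" and rogue_sec == "OPEN",
                "deauth_spoofing_legit_ap": bursts.get(legit_bssid, 0),
            })
    return alerts


def sample_frames():
    """Constructed capture: the real AP beacons for 5 s, a 2 s deauth flood
    spoofing its address, then an open clone on the same channel. A neighbour
    network runs throughout and must not be flagged."""
    real, clone = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01"
    bcast = "ff:ff:ff:ff:ff:ff"
    frames = [Frame(t * 100, "beacon", real, "HomeNet", 6, "WPA2")
              for t in range(50)]
    frames += [Frame(5000 + i * 50, "deauth", real, dst=bcast)
               for i in range(40)]
    frames += [Frame(7000 + t * 100, "beacon", clone, "HomeNet", 6, "OPEN")
               for t in range(30)]
    frames += [Frame(t * 100, "beacon", "11:22:33:44:55:66", "Neighbor", 11, "WPA2")
               for t in range(80)]
    return frames


if __name__ == "__main__":
    for alert in evil_twin_alerts(sample_frames()):
        print(alert)
```

Run against the constructed capture it reports a single alert for HomeNet: the clone on channel 6, security downgraded to OPEN, preceded by a burst of 21 deauth frames in one second that claimed to come from the real access point. The deauth check matters on its own as well: a WPA2 network whose passphrase the attacker does not know cannot be cloned with the same security, so the downgrade plus the deauth flood is exactly the pattern that pushes clients (a doll included) onto the rogue AP.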
So what does this mean for your personal safety and security? As you can see, technology is advancing to make our lives not only easier but also more interesting, not just for adults but for children as well. However, as parents, or anyone for that matter, we need to be aware of all types of smart technology. Ask yourself: What information is it capturing? Why does it need it? Can it be disabled? Understand to some degree how it does what it does, and question why a certain smart device requires access to the Internet. How? READ THE FINE PRINT of the device's privacy statement, which it is required to have. This will help in determining what information your smart device may be sending, and help to determine if a malicious individual could leverage this information to attack you and your family.
Filed Under: General Social Engineer Blog
Trackbacks

Hello Barbie. The doll that REALLY listens - Systerity says:
December 19, 2015 at 2:37 pm
[…] post Hello Barbie. The doll that REALLY listens appeared first on Security Through […]

2 Hello Barbie. The doll that REALLY listens says:
February 29, 2016 at 12:07 am
[…] Go to Hacker News Author: zdk […]

Draft for recreating page: BestVPN Awards - BestVPN.com says:
May 23, 2016 at 7:58 am
[…] Hello Barbie. The doll that REALLY listens […]
COPYRIGHT 2016 SOCIAL ENGINEER, INC ALL RIGHTS RESERVED SITE DESIGN BY EMILY WHITE DESIGNS