Not all toys are created equal. In fact, Mattel’s recently released Wi-Fi connected Barbie is said to be one of the most technologically advanced toys to date. But with increased connectivity comes the greater likelihood of vulnerabilities, and San Diego-based security firm Somerset Recon has found quite a few.
Hello Barbie, which launched late last year, may not be able to change outfits, but she is state of the art and fully connected. Owners can chat with Barbie, but first a guardian must download a mobile application and connect her to a wireless network. Children speak to Barbie while holding a press-to-talk button on her belt, and their words are transmitted over a Wi-Fi connection to the servers of Toy Talk, a San Francisco–based startup that Mattel partnered with to give Barbie her digital makeover. Speech recognition software then converts the audio into text, and artificial intelligence software plucks keywords from what a child says, triggering Barbie to respond from her arsenal of 8,000 pre-written lines.
In a new report published Monday, Somerset Recon found some significant security lapses in Toy Talk’s web services — 14 to be exact — four of which were of medium severity while 10 were deemed low.
The “nastiest” vulnerability, according to the report, allows an attacker to make an unlimited number of password guesses without triggering an account lockout. Once an attacker finds their way into a parent’s account, he or she has access to a treasure trove of personal information, including recordings of a child’s responses to Barbie, which parents can play, delete or share on social media with the click of a button.
To add insult to injury, according to the report, Toy Talk’s website allows users to choose weak passwords, making an attacker’s guessing game simpler. “The password policy only stipulates that you must use eight characters,” the firm’s lead security researcher tells Newsweek, wishing to remain anonymous, “and doesn’t require any other complexities…like numbers or special characters.”
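The two weaknesses described above (no lockout after repeated failed logins, and a password policy that checks only length) are easiest to see side by side. The following is an added, constructed illustration, not Toy Talk’s code or anything from the Somerset Recon report; the thresholds (five failures, a 15-minute lockout, a 12-character minimum with three character classes) are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time


class AccountStore:
    """Minimal login service for illustration (constructed, not Toy Talk's code)."""

    MAX_FAILURES = 5         # failed attempts allowed before the account locks
    LOCKOUT_SECONDS = 900    # 15-minute lockout window (assumed value)
    MIN_LENGTH = 12          # stricter than the eight characters quoted in the article
    PBKDF2_ROUNDS = 50_000   # kept low so the example runs quickly

    def __init__(self, enforce_lockout=True):
        self.enforce_lockout = enforce_lockout   # False reproduces the reported weakness
        self.users = {}      # email -> (salt, pbkdf2 hash)
        self.failures = {}   # email -> (failed count, locked_until timestamp)

    @staticmethod
    def password_ok(pw):
        """Length plus at least three of: lowercase, uppercase, digit, symbol."""
        classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                       any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
        return len(pw) >= AccountStore.MIN_LENGTH and classes >= 3

    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, self.PBKDF2_ROUNDS)

    def register(self, email, pw):
        if not self.password_ok(pw):
            return False
        salt = os.urandom(16)
        self.users[email] = (salt, self._hash(pw, salt))
        return True

    def login(self, email, pw, now=None):
        """Returns 'ok', 'bad' or 'locked'; unknown users get 'bad' like a wrong password."""
        now = time.time() if now is None else now
        count, locked_until = self.failures.get(email, (0, 0.0))
        if self.enforce_lockout and now < locked_until:
            return "locked"                      # no guess is evaluated while locked
        salt, stored = self.users.get(email, (b"", b""))
        if stored and hmac.compare_digest(self._hash(pw, salt), stored):
            self.failures.pop(email, None)       # successful login resets the counter
            return "ok"
        count += 1
        if count >= self.MAX_FAILURES:
            locked_until = now + self.LOCKOUT_SECONDS
        self.failures[email] = (count, locked_until)
        return "bad"
```

Constructing the store with `enforce_lockout=False` behaves like the service the report describes: every guess is evaluated, so the only thing slowing an attacker is the strength of the password itself.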
In November, when Somerset Recon first unpacked the doll’s innards to analyze her hardware, the researchers were pleasantly surprised by Barbie’s security. In fact, they found that the Wi-Fi credentials stored on Barbie’s chips were encrypted, making it much harder for the average adversary to extract, though not impossible. But the second round of investigation and testing yielded much less positive results.
According to the new report, the firm also found that customers could be sent malicious Toy Talk links, redirecting them to phishing websites. The researchers also found that several domains associated with Hello Barbie allowed for unencrypted communication, among other issues.
Soon after the product’s release, Toy Talk set up a bounty program, looking to have skilled security researchers from around the globe help them find vulnerabilities. Though the researcher praised Toy Talk for quickly fixing security issues raised through the bounty program, the report had a different takeaway.
“Companies need to understand that a bug bounty program is a last resort,” the firm typed in bold, “not a replacement for proper security analysis before a product’s release.”
The researcher added: “When we first looked at the website, some of the vulnerabilities we noticed were low-hanging fruit — vulnerabilities that a penetration tester or security expert could easily spot. They probably could have done a lot more before the product was released.”
Copyright 2016 Newswire Post