
10/28/2016

Hello Barbie. The doll that REALLY listens - Security Through Education


by Social-Engineer.Org December 14, 2015


Hello Barbie. The doll that REALLY listens


It's nothing new that when we're on the Internet, somewhere, a small portion of our semi-personal or personal data is being cached. We're a society used to being watched in some form or another while online, and, sad to say, most people just accept this. However, what about when that steps over the line from collecting anonymous statistics about your normal browsing habits to invading the privacy of your home?

Take, for instance, your flat screen TV. Not too long ago, it came out that Samsung's smart TV line, because of the voice recognition technology that lets users give verbal commands, could capture spoken words in the room; Samsung's own privacy policy warned that personal or sensitive information spoken near the set would be among the data captured and transmitted to a third party. Makes you all warm and fuzzy, doesn't it? It's not even just TVs anymore. As it turns out, for all the smart features of LG's SmartThinQ fridge to work, the fridge must be connected to Wi-Fi. And the Deputy Director of the CIA's Directorate of Science and Technology recently told the Aspen Security Forum in Colorado that smart refrigerators have been used in distributed denial of service attacks, and claimed that at least one smart fridge played a role in a massive attack last year involving more than 100,000 Internet-connected devices and more than 750,000 spam emails. Imagine a botnet of refrigerators attacking major infrastructure. Welcome to the Internet of Things.


Of course, those of us who are privacy advocates have been aware of things like this for some time. But what really moved us to write this article was something that was released within the past few days.


When you think of it, what could be more harmless than a child's doll, especially those famous, totally out-of-proportion ones? Yes, I'm talking about Barbie. Well, the Mattel Company, which makes Barbie, has developed something called Hello Barbie. This is "the first fashion doll that can have a two-way conversation with children. It features speech recognition and progressive learning features that provide the child with an engaging and unique Barbie experience," and we're quoting directly from the FAQ on the Mattel site. It plays interactive games, tells jokes and inspires storytelling, it tailors its conversations based on play history, and it's only $74.99!

But there are some alarming features and requirements of this particular doll that should raise some serious concerns. Hello Barbie's two-way communication does not work when it's not connected to the Internet. The doll must be connected via Wi-Fi to have a conversation with the child. Mattel tries to put parents at ease with a specific section of the FAQ about what parents need to know about this product. First, the company says that Hello Barbie is not always on: Hello Barbie is only active when her belt buckle is pressed. The next point gives a glimpse of the capabilities, which aren't explained in much detail. All recorded conversations are stored online, "stored securely on (their cloud) server infrastructure," and parents have the power to listen to, SHARE, and/or delete stored recordings at any time.


But as you can imagine, somebody looked into the security of the technology a little deeper. A security researcher by the name of Matt Jakubowski found that there are flaws and insecurities in the doll itself as well as in how the information is stored and transferred. What is this two-way conversation with Hello Barbie based on again? It requires the use of Wi-Fi and an Internet connection, and hence it is as susceptible to attackers as anything else on your home network.

The question arises: why does the doll itself need a constant connection to the Internet when, according to its feature list, it is preprogrammed with more than 8,000 lines of dialogue and 20 interactive games? Still, it must be connected to a cloud-based service that is used for voice recognition and information storage. This means that everything heard is transmitted via the Internet to the cloud-based system, after which the response is generated and sent back to the doll. Now granted, Mattel does state that it uses encryption and "commercially reasonable and appropriate measures" to protect customer data, and that the security and privacy of Hello Barbie has been certified as in compliance with COPPA (the Children's Online Privacy Protection Act). However, this is NOT the problem.

The vulnerability does not specifically originate with a flawed communication method or an exploitable piece of code (at least not yet). The doll itself raises privacy concerns. The actual security and privacy of the doll is only as strong as the Wi-Fi networks it connects to. Now, even though Jakubowski has not released specific findings or details on the exact method of his hacks, we can speculate on the possibilities, because the practice of hijacking wireless has been around for some time.

A wireless access point can be cloned (often called an evil twin) to get users to unwittingly connect to the rogue AP.


First, information is gathered about the wireless access point to be targeted: its network name (SSID), the hardware address it beacons from (BSSID) and its channel. Then the clients of the legitimate wireless network are knocked off it using what's called a de-authentication attack. After that, all that's needed is for the evil twin access point, now cloned as the target access point, to present a stronger signal than the original, and the client will connect to it. Once this is done, all traffic through the rogue network can be captured or sniffed, including any data that Hello Barbie would relay back to the cloud-based voice recognition servers. Capturing it is not the same as reading it, though: if the doll's connection to the cloud service is properly encrypted end to end and the doll checks that it is really talking to Mattel's servers, an evil twin sees only where and when the traffic goes, not what was said. That is why the strength of that encryption matters so much. Also, according to Jakubowski, once he connected to Hello Barbie's Wi-Fi network, he had easy access to the doll's system information, account information, stored audio files and direct access to the microphone. Speculating on this statement leads us to believe that the doll itself does have some serious security flaws, as does its connection to and from the cloud-based servers. For that, we will have to wait and see.
So what does this mean for your personal safety and security? As you can see, technology is advancing to make our lives not only easier but also more interesting, not just for adults but for children as well. However, as parents, or anyone for that matter, we need to be aware of all types of smart technology. Ask yourself: What information is it capturing? Why does it need it? Can it be disabled? Understand to some degree how it does what it does, and question why a certain smart device requires access to the Internet. How? READ THE FINE PRINT of the device's privacy statement, which it is required to have. This will help in determining what information your smart device may be sending, and help you decide whether a malicious individual could leverage this information to attack you and your family.


Filed Under: General Social Engineer Blog

