Toy Hacking

You undoubtedly know that hackers are everywhere these days, including openly operating in Moscow near the government offices and inside the Chinese military.  You probably have virus and malware protection on your computer, and you know not to click on suspicious links sent by email.

But an interesting new vulnerability is emerging which you may soon be hearing more about: internet-connected toys.

A recent article in Forbes magazine reports on what a group of professional hackers found when they tried to sneak into smartphones connected to the Hello Barbie toy that will undoubtedly be a popular gift this holiday season.

The toy records kids’ conversations through the phone, and uses artificial intelligence to build that data into semi-realistic conversations with the toy’s owners.  The Hello Barbie app connects to your phone through your home Wi-Fi network, but it also connects, automatically, to any Wi-Fi network that has the word “Barbie” in the name.  All the professional hackers had to do was set up another Barbie Wi-Fi hub, wait for the toy to automatically connect, and they could pilfer data from the phone at will.

In addition, the Hello Barbie apps proved to be vulnerable to so-called POODLE attacks, which let hackers intercept traffic between the phone and the servers at doll manufacturer ToyTalk.

Would hackers really target a toy?  Last month, a Hong Kong-based firm called VTech was hacked through its own kids product, the InnoTab tablet.  The result: the theft of information on 6.4 million children and 4.8 million adults.

Source:

http://www.forbes.com/sites/thomasbrewster/2015/12/04/hackers-target-hello-barbies-iphone-but-its-good-news/?utm_campaign=Forbes&utm_source=TWITTER&utm_medium=social&utm_channel=Technology&linkId=19304521