How Barbie Brought Attention to Securing the Internet of Things
Hello Barbie, the new interactive doll from Mattel, has some security flaws. As the Internet of Things becomes a reality, manufacturers must make security a priority.
Every holiday season, Barbie dolls become a fascination for children everywhere. Making its debut in March 1959, Barbie is the single most successful doll ever produced. She’s run for president six times since 1992, traveled to space in 1965, and is sold in 150 countries around the globe. And in 2015, Barbie got connected.
In March, Mattel released the Hello Barbie doll to the delight of children and hackers everywhere. The doll is capable of engaging in two-way conversation over a WiFi network (and companion app), with up to 8,000 lines of dialog to choose from. Children can ask Barbie questions, participate in co-created stories, and engage in conversations on a wide variety of topics. And since it can connect to the Internet, it has become a target for hackers.
As Mattel describes the toy:
“Now, you can chat with Barbie! Using WiFi and speech recognition technology, Hello Barbie doll can interact uniquely with each child by holding conversations, playing games, sharing stories, and even telling jokes! It's a whole new way to interact with Barbie. She's ready to discuss anything in an outfit that blends trendy and techie for a cool look. Use is simple after setup — push the doll's belt buckle to start a conversation, and release to hear her respond. More than 8,000 lines of recorded content means countless hours of fun! Just like a real friend, Hello Barbie doll listens and remembers the user's likes and dislikes, giving everyone their own unique experience.”
Much like Siri, Cortana, or Google Now, the new doll gives children an interactive experience. But, according to privacy advocates, the focus on conversing specifically with children worries many. “This is really about Mattel eavesdropping on a child's heart and soul — and the most intimate things about their lives,” Susan Linn, executive director of the Campaign for a Commercial-Free Childhood, told NPR in October.
While I’m not sure the technology is that different from other personal digital assistants, certainly marketing its benefits to children is disconcerting. In a recent online review of the doll, Barbie is seen asking a number of questions of the user, leading them through a series of interactive stories, and imparting general knowledge when asked. Interesting, but in each of the interactions, it is readily apparent that large amounts of information are gathered by Barbie as she speaks with the user. For example, Barbie at one point in the video asks, “You know what I want to talk about? Family! Do you have any sisters?”
Not surprisingly, researchers have discovered security weaknesses in the doll that can enable easy access to system information, Barbie’s microphone, and stored audio files. Security researcher Matt Jakubowski told NBC, “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”
Additionally, in early December, Bluebox Security released a report on the doll and the accompanying mobile application (developed by Mattel and ToyTalk). What they found was disturbing:
“We discovered several issues with the Hello Barbie app including:
On the server side, we also discovered:
Bluebox disclosed the most critical security weaknesses to ToyTalk prior to its public release and ToyTalk promptly resolved a number of them.
Many parents, however, have still decided to buy the doll. “I was so stressed getting this for my little girl BUT she has not put it down! The adventures and general knowledge is incredible. ... I read all the hacking stuff but I'm sorry if big brother was going to spy he's already doing it through your smart phone,” one reviewer on Amazon argues. “This is a great toy that sparks imagination my daughter is jumping around like a frog on a trip with Barbie great toy thanks for making our Christmas magic.”
What the very public release of the security weaknesses of Hello Barbie indicates is that, as the Internet of Things becomes a reality, manufacturers must make security a priority. We cannot afford not to.