barbie

Look Who's Talking! Privacy and Security Concerns Over The New Hi-tech Barbie

Our Business Development Manager, Pavel Enderle, had an interview with CT24 TV, a Czech television channel, to discuss IoT security with particular reference to the new Barbie product, Hello Barbie. This Barbie can talk to children by using ToyTalk’s system to analyze the child’s speech and produce relevant responses.

The Internet of Things (IoT, which some tech-enthusiasts are calling the Internet of TOYS) are people, animals, or objects which are interconnected and communicate with one another, unleashing a new trend of “smart things” from the smart home, to the smart city and smart life. IoT caters to more than the world of grownups; it can be a microchip in your pet’s collar that opens and closes doors so they can let themselves out into the yard; and now it apparently extends to the world of children, in the form of smart toys.

Say hello to Barbie, the doll that can interact with your child through speech. Yes, she talks.

Below is an edited version of the interview for English-speaking readers. (Here is the original video in Czech.)

pavel hello barbie interview

Q: How does the new Hello Barbie doll actually work?

A: The child presses a button on the doll that starts a speech recognition process. The child then asks the doll a question. The question is recorded and probably encrypted. The data is uploaded via the Internet to a server hosted in the Cloud. An algorithm on the server analyzes the question before selecting an appropriate answer and then sends it back to the doll, which responds to the child. Processing the question and selecting a corresponding answer happens seamlessly and quickly. The conversation seems natural and normal to the child.

Q: The doll is connected to WiFi. The conversation will be recorded and stored. What are the risks?

A: Whoever has the information derived from the child’s questions can use it for marketing purposes. They can learn things not only about the child, but also about the child’s parents, or their personal habits, which are very valuable data these days. To many parents, having strangers in possession of their personal details can be considered a loss of privacy.

Depending on the security of the Cloud, hackers could exploit security vulnerabilities and break into the Cloud, stealing this data, and using it for nefarious purposes.

Q: Is there anything the parents can do to improve safety?

A: They can secure their home WiFi by using strong passwords and data encryption to prevent the bad guys from eavesdropping on their conversations. If they parents and the child are in a public location with unsecured WiFi, they should carefully consider if they want to connect the doll to this network or not. It is relatively easy these days to hack into an unsecured network and listen to what's going on. As far as I know, there is no specification for data encryption published yet, thus I do not know which protocol is used for communication.

Q: How can the data obtained from the talk between Hello Barbie and the child be used?

A: The data can be used to identify potential psychological problems of the child.

Another use, as mentioned before, is for targeted marketing purposes by businesses purchasing the data. This could still be positive, as in the case where the info is used to figure out gifts for the child.

Q: Experts compare ToyTalk technology, used by Hello Barbie, with Siri or Google Talk. Are questions from Siri or Google Talk also uploaded to, and stored in the Cloud?

A: Yes. The question to Hello Barbie is similar to a query that you type into a search engine.

Overall, people have different opinions about the moral aspect of allowing children to talk to the doll and not having full control over the responses that they might get.

Today information security is not just another thing happening on the Internet; it is going on within our homes. As we become more aware of security risks, and attacks being rampant on the mobile landscape, soon we will recognize the same thing concerning the Internet of Things.

IoT enthusiasts and makers who want to protect their IoT apps and data may be interested in learning more about our secure gateway by dropping us an email at info@teskalabs.com or sign up here to get notified about our release of our IoT Secure Gateway.

Photo credit: Barbie store

About the Author

Cindy Dam

TeskaLabs’ Marketing & Community Manager, Cindy Dam, has a penchant for hacking and storytelling. When she's not reading and writing about cyber hacking, she reads, writes, and comes up with mind and travel hacks.




You Might Be Interested in Reading These Articles

You Can Build Apps for the Apple TV, But Do You Know How to Do It Securely?

Apple will want to dominate the market for TV apps. To achieve this objective, it’s understandable that Apple makes it easy for app developers to create apps and games for the Apple TV platform using tvOS and profit from them just as they have already done so for the iPhone and iPad devices. Developers can leverage similar frameworks and technologies since tvOS is just a modified version of the iOS. They can even retrofit the apps that were previously developed for iOS to support the Apple TV’s tvOS.

Continue reading ...

mobile security

Published on June 29, 2016

Custom Made vs. Off-The-Shelf Mobile Apps – The Issue of Security

In October 2015, Blakely Thomas-Aguilar did a great article on mobile security statistics on the VMware AirWatch blog that can and will send shivers down your spine. For example, she found that there was an increase of 18% in the number of Android vulnerabilities between 2011 and 2015.

Continue reading ...

mobile security

Published on July 26, 2016

SQL Injection - Are Developers to Blame for Data Security Breaches?

Of course, this is a bold statement, but for those who deal with security issues from mobile applications, they can pinpoint where the flaw occurred with developers not taking security into account when developing mobile apps. Security takes the back seat to app functionality and remains as second thought.

Continue reading ...

security development

Published on March 07, 2015