• Hello Barbie Doll

Hello Barbie Doll (Photo : Twitter)

New report revealed that Internet-connected Hello Barbie doll from toymaker Mattel experienced security vulnerabilities.

The way Hello Barbie works seems magical at first glance. It works just like Siri and Google Now, the doll would send recorded speech to the cloud, where the audio is analyzed and a response determined, which is sent back to the doll for playback.

Like Us on Facebook

Security firm Bluebox Labs confirmed over the weekend that Hello Barbie’s application developed by ToyTalk and the cloud server that connect the doll to the Internet would allow attackers to cut through security protections and access recordings of children's conversations with Barbie, NBC News reported. 

Bluebox added that the servers that stored and analyzed speech were vulnerable to phony security certificates as well, and had not patched the widespread "POODLE" bug that affects secure connections, an attack disclosed 14 months ago that breaks HTTPS encryption.

Researchers also uncovered a variety of weaknesses in the iOS and Android app, which is being used to connect the doll to a nearby Wi-Fi networks. The affected app utilizes an authentication credential that can be re-used by attackers, and connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name.

Mattel and ToyTalk worked closely together to ensure the safety and security of Hello Barbie for the children. Bluebox confirmed a number of issues were resolved ahead of publication of its research, according to PC Mag. ToyTalk has also initiated a security bug bounty program to keep Hello Barbie safe from prying eyes. 

This is not the first issue where toys become safety and privacy concerns related to its Internet connection.VTech experienced it as well, where hackers stole account information of more than 6.4 million children who use its Learning Lodge app store. The company has since hired a high-profile cybersecurity incident-response team to deal with the aftermath.