Hacked interactive Barbie poses family security threat

Stand by for a steady and growing stream of IoT-related security and surveillance scare stories over the coming years - all picked to chime with the particular phase of the consumer year.  Today of course is the dreaded Black Friday, the day that shoppers are supposed to be whipped into a frenzy of panic and bargain buying as the holiday ‘gift season’ really gets under way.

So today the UK’s Guardian newspaper has a story on the ‘hacked Barbie’. It’s not a spine tingling murder mystery (although it might be) but a salutary look at the potential for the plastic doll  to be wired up and to report back what it sees and hears to an evil genius, no doubt domiciled in a volcano somewhere. Think Toy Story 2015. What a plot!

But the Guardian is serious, as well it might be.

It reports the probings of US “security researcher” Matt Jakubowski who had been fiddling about with Mattel’s latest WiFi Barbie and discovered that it could be hacked. It was, says Jakubowski, therefore capable of listening in to a child and interacting with it in a similar way to “to Apple’s Siri, Google’s Now and Microsoft’s Cortana,” and that means it could be used for all manner of nefarious purposes.

“You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her (Barbie) say anything we want,” he said.

The possibility that WiFi Interactive Barbie might be used for sexual grooming hangs over the story, unmentioned but palpable.

“The doll only listens in on a conversation when a button is pressed and the recorded audio is encrypted before being sent over the internet, but once a hacker has control of the doll the privacy features could be overridden,” says the Guardian story.

Of course. And there’s plenty more connected gadget vulnerabilities, and newspaper stories, where that came from.