Is Hello Barbie About to Ruin Your Holidays?


In today’s world of the Internet of Things (IoT), every device seemingly speaks to every other device, and apparently Hello Barbie is no exception. Today’s version of Hello Barbie adds real-time language processing features that allow communication between the doll and its owner. This all sounds fantastic – not to mention futuristic – but BlueBox Security identified flaws that could lead to passwords being compromised.

While this particular data security flaw is not major – and has supposedly been rectified – other security flaws in toys and children’s applications have been exposed. Just recently, VTech, a maker of educational toys for kids, suffered a security breach to its database that put the information of millions of its customers at risk. In fact, according to VTech, 4.8 million parent accounts and 6.3 million child profiles were all impacted.

IoT and connected devices are now becoming mainstream in toys, and while the opportunities for connectivity with toys and games are enormous, so too is the exposure to hacking. Manufacturers need to include robust security in their products and applications to prevent hackers from stealing sensitive data.

Cryptanium protects mobile applications that run on multiple platforms and are used in products like children’s toys, using the following security features:

  • Integrity protection
  • Obfuscation
  • Anti-piracy protection
  • Anti-debug protection
  • Binary packing
  • White-box cryptography
  • Diversification
  • Jailbreak/rooting detection

Cryptanium has two main components. The first is Cryptanium Secure Key Box, a white-box cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys. The second is Cryptanium Code Protection, a comprehensive tool for hardening software applications on multiple platforms. These two components work together to increase mobile application security.

It’s fun to shower our kids with toys and experiences around the holidays, but don’t let Barbie or some other toy or application ruin the end of your year by exposing your identity or personal data. Check out the video below of Pen Test Partners presenting “Vulnerabilities in the Internet of Things – How Weak Mobile Code Led Us to a Bunch of Silly Vulns.” They participated with us at Black Hat in August and speak quite often about the vulnerabilities hidden in connected toys like Hello Barbie and others.