List: isn
Subject: [ISN] Hello Barbie controversy re-ignited with insecurity claims
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-11-30 11:00:13
Message-ID: alpine.DEB.2.02.1511301100010.794 () infosecnews ! org

http://www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/

By Richard Chirgwin
The Register
29 Nov 2015

Back in February, The Register queried the security and privacy
implications of Mattel's "Hello Barbie", and now the doll has hit the
shelves, a prominent security researcher has turned up the first security
problems with the toy.

After an initial flurry of concern, the issue went quiet, but last Friday
Matt Jakubowski (formerly of Trustwave's SpiderLabs) reignited it by
extracting Wi-Fi network names, account IDs, and MP3 files from the toy.

That brought a defensive response from Oren Jacob, CEO of ToyTalk (which
provides the cloud processing chunk of Hello Barbie). He called Jakubowski
an "enthusiastic researcher", said the data is "already available" to
customers, and "no major security or privacy protections have been
compromised".

While it's probably easier to get an SSID by standing outside a house and
letting it pop up on your phone's Wi-Fi connection list, an account ID is
another matter, since all an attacker needs is to get a password and they
have access to the Hello Barbie account.

[...]