Hello Barbie Is Prone To 'Poodle Bugs'
American multinational toy company Mattel partnered with ToyTalk to create Barbie dolls that are connected to the Internet. However, the doll suffers insecurities as researchers found out that the doll was prone to a bug known as Poodle.
Hello Barbie, the iconic doll that can connect to the Internet designed by Mattel, has been found out to have insecurities by computer security researchers. The doll's accompanying app for iOS and Android has been found out to have several flaws that might allow hackers to eavesdrop on communications between the doll and the cloud servers where it is connected.
Hello Barbie uses wireless fidelity to transmit audio from children talking to the dolls to the servers, which process the communication and responses in return. It acts like a child's digital assistant, like Cortana from Microsoft or Siri from Apple.
OpenDNS Research Director Andrew Hay along with Bluebox Security researchers discovered that the doll uses a digital ID system that hackers can abuse. Potentially, the flaw may permit them to spy on communications between the server and the doll. Also, the vulnerability affects the Hello Barbie app for Android and iOS. In addition to the flaw, researchers discovered that smartphones with the Hello Barbie app will automatically connect to Wi-Fi networks with "Barbie" names attached to them.
Padding Oracle On Downgraded Legacy Encryption, also known as the Poodle bug, is a middleman exploit that destroys encryptions. This is the main reason that researchers from Google raised the alarm more than a year ago as it failed the tech giant's clients back to SSL 3.0.
Mattel partnered with ToyTalk in designing the Hello Barbie app. On the other hand, ToyTalk is a startup technology company founded in 2011 by former Pixar executives.
ToyTalk Chief Technology Officer and co-founder Martin Reddy stated that Bluebox alerted them of the problem and that they have been working on the issue. Nevertheless, he did not mention whether the issue was in the authentication credential or the digital ID, or whether the vulnerability had been fixed or an app release update would be coming soon to fix the issue.
Is Lenovo Ditching Microsoft and Going with the Linux Operating System?
Is Lenovo really ditching Microsoft and going for Linux? Why?
Bug Bounty Hunter Discovers Severe Authentication Bypass in Apple's Servers and Earns $100,000
A bug bounty hunter has discovered an authentication bypass bug that could've led to user accounts getting hijacked! They earned a whopping $100,000!
[Hack] Apple iPhone XR Drops $200 From $576 After Rebates: Here's How to Get it
Why spend the entire $576 on the Apple iPhone XR when you can get $200 of that amount back? Here's how to get the phone for only $376!
Xbox Series X? Why Didn't Microsoft Just Call it Xbox Series PC?
The Xbox Series X is coming up soon but a recent blog post explains how it's more similar to a PC than the usual Xbox.
Apple iPhone 13 Camera Setup Leak for 2021!
Although the iPhone 12 has not yet reached the market, the iPhone 13's possible camera setup has already been leaked!
MORE IN ITECHPOST
Is Amazon Censoring Coronavirus Information? Elon Musk Thinks So And He Wants To Shut Them Down
Amazon recently censored a coronavirus skeptic's book on their store temporarily. Elon Musk in a recent Twitter post disagrees with how they handle things and wants them to shut down.
Ancient Maya Civilization: Newly Discovered Artificial Plateau Challenges Traditional Archaeological Beliefs
Scientists have recently discovered new information about ancient Maya civilization breaking the traditional archaeological belief.
Leak Shows That A Red Dead Redemption Remake Is Coming To The PlayStation 5 and Xbox Series X
An anonymous leak has shown that the next-gen consoles will be getting a remake of the classic Western shooter game Red Dead Redemption. Is John Marston staying?