Hello BarbieTM! is an IoT-enabled (Internet of Things) Barbie Doll with blonde hair, blue eyes and a built-in surveillance system. She’s not the first of her kind (and she won’t be the last), but here’s what you should know about bringing it, or any connected device, into your home.
Everything that connects to the public Internet is vulnerable. Encryption does not solve the problem. While it is true that you need about 6.4 billion years to crack a 2048-bit PGP encrypted file, I can probably socially engineer you out of your encryption key by attaching a little piece of malware to an email that offers you two discounted Super Bowl tickets and a deal on a hotel.
In practice, no one, not even the very best whitehat hackers, can predict how clever or innovative blackhat hackers will become, or what kind of unexpected new hacks will evolve. Interestingly, there are two immutable facts of digital life: (1) Everything that can be connected will be connected. (2) Everything that can be hacked will be hacked. This is where Hello Barbie! gets in trouble. But it shouldn’t. Hello Barbie! is not a Barbie Doll; it’s a connected device. Here’s what you need to know:
1 – Barbie Is Not Smart, but She Is Connected
In order to have a conversation with you, Hello Barbie! has to connect to ToyTalk, Inc.’s servers. This requires, in most cases, a WiFi connection and access to the public Internet. How secure is this connection? A better question is, how secure is your home WiFi network (or the public one you’re using to connect the doll)? If you don’t know the answer, Hello Barbie! is not your problem. Your computers, game consoles, the thermostat on your wall or your connected doorbell poses a greater danger to your cyber-safety.