Barbie says hello to more security flaws
Hot on the heels of last Friday's news of the potential of the Wi-Fi enabled Hello Barbie doll to be hacked, new research has uncovered security issues with the mobile app associated with the doll and with its connections to cloud servers.
Application security specialist Bluebox working with independent researcher Andrew Hay has revealed that the app can be modified to reveal confidential information including passwords.
It also finds that the app will connect a mobile device to any unsecured Wi-Fi network as long as it has 'Barbie' in the name, allowing for a network spoofing attack to be carried out by an attacker impersonating the Barbie network to steal data.
The app also utilizes an authentication credential that can be re-used by attackers, and it shipped with unused code that serves no function but increases the overall attack surface.
On the server side client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers to look for more vulnerabilities. In addition the research found that the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack, allowing attackers to downgrade connection security and listen in on communications to the server such as uploaded conversation from the doll.
Bluebox Labs has disclosed all critical security issues to Mattel partner ToyTalk and a number of the problems have already been resolved.
Writing on the Bluebox blog, security research engineer Andrew Blaich says, "All of the issues discovered point to the need for more secure app development, as well as the need for integrating self-defending capabilities into not only stand-alone mobile apps, but also the apps that power IoT devices like Hello Barbie. Ultimately, this research demonstrates the security of the mobile apps associated with IoT devices must be a higher priority".