Welcome!

@ThingsExpo Authors: Pat Romanski, Carmen Gonzalez, Yeshim Deniz, Elizabeth White, Ruxit Blog

Related Topics: @ThingsExpo, Cloud Security

@ThingsExpo: Article

IoT and Hello Barbie | @ThingsExpo #IoT #M2M #API #InternetOfThings

Hello Barbie™! is an IoT-enabled Barbie Doll with blonde hair, blue eyes and a built-in surveillance system

Five Things You Should Know About Hello Barbie!

Hello Barbie™! is an IoT-enabled (Internet of Things) Barbie Doll with blonde hair, blue eyes and a built-in surveillance system. She’s not the first of her kind (and she won’t be the last), but here’s what you should know about bringing it, or any connected device, into your home.

Everything that connects to the public Internet is vulnerable. Encryption does not solve the problem. While it is true that you need about 6.4 billion years to crack a 2048-bit PGP encrypted file, I can probably socially engineer you out of your encryption key by attaching a little piece of malware to an email that offers you two discounted Super Bowl tickets and a deal on a hotel.

In practice, no one, not even the very best whitehat hackers, can predict how clever or innovative blackhat hackers will become, or what kind of unexpected new hacks will evolve. Interestingly, there are two immutable facts of digital life: (1) Everything that can be connected will be connected. (2) Everything that can be hacked will be hacked. This is where Hello Barbie! gets in trouble. But it shouldn’t. Hello Barbie! is not a Barbie Doll; it’s a connected device. Here’s what you need to know:

1 – Barbie Is Not Smart, but She Is Connected
In order to have a conversation with you, Hello Barbie! has to connect to ToyTalk, Inc.’s servers. This requires, in most cases, a WiFi connection and access to the public Internet. How secure is this connection? A better question is, how secure is your home WiFi network (or the public one you’re using to connect the doll)? If you don’t know the answer, Hello Barbie! is not your problem. Your computers, game consoles, the thermostat on your wall or your connected doorbell poses a greater danger to your cyber-safety.

2 – She’s Not “Always On”
Contrary to sensationalist reports, Hello Barbie! cannot listen to you unless you press the “talk” button. Then, and only then, your voice is recorded, encrypted and transmitted via the public Internet to a remote server (the “cloud”) where the audio file of your voice is stored. The file is stored, and anonymized versions are shared with third-party vendors because the machine-learning tools that Mattel and ToyTalk, Inc. are using “learn” from each interaction with real people. The machine-learning algorithms must be “trained” in order to improve. I wrote an article that may help you better understand this process entitled “Can Machines Really Learn?

3 – Barbie Really Can’t Talk; She Responds
After your voice file is received by ToyTalk, Inc.’s servers, it is analyzed (as quickly as possible) by a natural language processing (NLP) algorithm that attempts to understand what you have said. Then, the algorithm makes its best guess at the most appropriate response from a relatively small list (about 8,000 possible responses – get the full list here), and when you release the button, Hello Barbie! will “talk” to you by playing back the pre-recorded response the algorithm has chosen. You can think of Hello Barbie! as a crippled Siri, OK Google, Cortana or Alexa with very strict response guidelines.

4 – She’s Got a Good Memory for Networking
Hello Barbie! connects to any WiFi network. To accomplish this, you press and hold the power button and the talk button for three seconds until the doll’s necklace flashes white. Then, you launch the Hello Barbie! companion app and enter your network credentials. Like your smartphone, Hello Barbie! can store (remember) WiFi networks it has successfully connected to in the past and automatically connect to them. This is a very convenient feature. For the uninitiated, even this simple connection process is painful. Importantly, Hello Barbie! cannot be used by anyone (owner or hacker) when it is not connected.

5 – She’s a Great Target for Hackers
Maybe. Here’s what a hacker would need to do. First, infiltrate the WiFi network where the Hello Barbie! is being used. Then, figure out a way to store malware in the device. Some good ideas for doing harm include defeating the talk button and getting control of the transducer. This way a hacker could listen to every conversation. Alternatively, a hacker could just copy the audio files from each interaction, or worse, a hacker could use counterfeit servers to replace ToyTalk, Inc.’s servers and trick the user into interacting with the hacker. But here’s the important thing: if a hacker wanted to do harm to someone using digital tools, there are much, much easier ways. Hacking Hello Barbie! is not the path of least resistance, and the value (since no financial or account information is stored in the device) is minimal.

You could argue that recording a child’s conversation with an imaginary friend (albeit an anthropomorphized one) might yield incriminating or useful information about things going on in the household, or something even more nefarious. But it’s 50 times easier to activate the microphone and webcam on an average WiFi-connected laptop (without the user’s knowledge) than it would be to hack this doll. And the results of a dropcam or webcam hack would yield much more usable data.

The Bottom Line
Hello Barbie! is no more dangerous than any smart device you bring into your home. That said, manufacturers need to heed this tale. Mattel has taken some serious flak over its perceived (and in some cases real) lack of security protocols. While any motivated hacker could (and would) have a field day with Hello Barbie!, most motivated hackers can have a field day with a connected toaster oven. That’s what hackers do.

My best advice is to use Hello Barbie! as directed AND do what parents have been doing from the beginning of time: watch your kids. Would you let your 14-year-old daughter entertain a 16-year-old boy in her room with the door closed? Then why would you let any child be connected to the public Internet without adult supervision? Remember, Hello Barbie! is not a Barbie Doll; it’s a connected device. Treat it like one, and everything else will take care of itself.

The post 5 Things You Should Know About Hello Barbie! originally appeared here on Shelly Palmer

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Have you ever noticed how some IT people seem to lead successful, rewarding, and satisfying lives and careers, while others struggle? IT author and speaker Don Crawley uncovered the five principles that successful IT people use to build satisfying lives and careers and he shares them in this fast-paced, thought-provoking webinar. You'll learn the importance of striking a balance with technical skills and people skills, challenge your pre-existing ideas about IT customer service, and gain new in...
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develop...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
In his session at @ThingsExpo, Steve Wilkes, CTO and founder of Striim, will delve into four enterprise-scale, business-critical case studies where streaming analytics serves as the key to enabling real-time data integration and right-time insights in hybrid cloud, IoT, and fog computing environments. As part of this discussion, he will also present a demo based on its partnership with Fujitsu, highlighting their technologies in a healthcare IoT use-case. The demo showcases the tracking of patie...
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business. Though, IoT is far more complex than most firms expected with a majority of IoT projects having failed. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, Chief IoTologist at Wipro, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology portfolios and business models to adopt and leverage IoT. He will delve in...
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you...
Unsecured IoT devices were used to launch crippling DDOS attacks in October 2016, targeting services such as Twitter, Spotify, and GitHub. Subsequent testimony to Congress about potential attacks on office buildings, schools, and hospitals raised the possibility for the IoT to harm and even kill people. What should be done? Does the government need to intervene? This panel at @ThingExpo New York brings together leading IoT and security experts to discuss this very serious topic.
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change the...
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet and...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.