Hello! I\’m Barbie – Hack Me!

Hello! I'm Barbie!Bluebox Labs released a report detailing how easy it is to get into Barbie’s bits:

We discovered several issues with the Hello Barbie app including:

•It utilizes an authentication credential that can be re-used by attackers
•It connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name
•It shipped with unused code that serves no function but increases the overall attack surface

On the server side, we also discovered:

•Client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers
•The ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack

And they didn’t even have to buy her a wee drink…
Hello! I'm Barbie - Hack Me!

One thought on “Hello! I\’m Barbie – Hack Me!”

Something to say...?