Network Security Jeopardized by Barbie

March 4, 2015
The Internet of Things could be vulnerable to the forces of the dark web.
About the Author
Jeremy Pollard, CET, has been writing about technology and software issues for many years. Pollard has been involved in control system programming and training for more than 25 years.

Hello, Barbie!

Yikes! Is this the first Internet-of-Things (IoT), Wi-Fi-connected kid toy? If it is, it won’t be the last. But as the introduction of Barbie goes, what can go wrong with this?

So here is how it works. Barbie will listen to your child’s words, record them and then—get this—send them over the Internet for processing. If you want them, the conversation highlights will be emailed to you. Pardon?

So, who else is listening to or harvesting the words of a child from a household that can be defined by IP address, as well as shares on the home network since the doll is now a node on the network.

Remember that TVs can now hear what we say at any time and broadcast the conversation. Who needs the NSA?

Just because it can, should it? Beyond the obvious privacy issues, as well as security issues, how can we let the unknown into our homes?

Image courtesy of Mattel

Lest we forget that Industry 4.0 and IoT are the new defined buzzwords of our industry. Just because it can, it doesn’t mean it should. Am I repeating myself? Probably. It’s funny how things come in bunches. I was watching “60 Minutes,” and, bang—DARPA. “This should be good,” I said, wondering if they worry about bringing their kids-to-work program and their Wi-Fi security.

Defense Advanced Research Projects Agency (DARPA) is responsible for the Internet. We all are familiar with the military background of the network, which has morphed into the panacea of everything.

Don’t get me wrong. The Internet is a great invention, but as DARPA Dan suggests, it’s not the Internet that is broken. It’s the things we put onto the Internet that are broken. He is referring to devices that are insecure. DARPA Dan is really Dan Kaufman, who is a video gamer at heart.

A device being insecure is akin to the Titanic having a hole in its shell big enough to sink it. Not recoverable.

Now I am not suggesting that a Barbie doll can bring down a pharmaceutical plant, but imagine. The IoT allows for things such as Nest thermostats, webcams, fridges and washing machines for our homes, which make us vulnerable to the outside world. Maybe not for the nefarious, but for sure the marketing bees could be salivating over the data mining these devices could produce.

The interface for most of these devices is our mobile device. Starting to sound familiar?

We have heard about cars being “taken over,” which makes one wonder about driverless cars. Not for me buddy. In the “60 Minutes” spot, they turned on the windshield sprayers and wipers, horn, and brakes to prove a point. The carmakers do not have systems in place to monitor their vehicles; it seems it is up to the consumer. No different for us.

Learn More: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

DARPA Dan was hired to secure the Internet. He has made some interesting inroads.

He strongly believes that all devices are inherently insecure. Is there any parent who will question Barbie about her security protocol? I wonder what she would say back.

Not that anyone is creating the Dark Web for industrial espionage, but there is a Dark Web out there, and DARPA has found and developed a search engine called Memex. The only reason I mention this is the fact that there is a Dark Web.

Kaufman mentions that Google and other search engines only see about 5% of the connected data and nodes on the Internet. So this iceberg can in fact sink our Titanic.

While Memex was illustrated in the segment to be the searcher of illicit sex trafficking, it showed the viewing public the amount of stuff that goes on that we have no idea about.

I got a really weird feeling while watching this show. This stuff is real. And our industry is using these technologies more and more, but without the required knowledge on protecting our sandbox.

When a major customer of mine first went Wi-Fi, it was a closed system, or so they thought. This may have been a rookie mistake, but there were three access points which broadcast their SSID. With tools available even back then, a remote hacker could have broken into the network with ease.

Not sure what they would have gained, but the point is they could. Today there are tons of data and information that could be worth something to someone.

DAPRA Dan put the fear of God into me for what may come down the pipe. The IoT is a great concept, but I repeat: Just because it can, doesn’t mean it should.

We have to look after our own backyard for devices and security. That can’t be taken for granted.

About the Author

Jeremy Pollard | CET

Jeremy Pollard, CET, has been writing about technology and software issues for many years. Pollard has been involved in control system programming and training for more than 25 years.