The new Barbie doll, called Hello Barbie, is internet-enabled for a two-way conversation with children to play interactive games and tell stories and jokes. Sounds good, but experts are asking what would happen when hackers, maybe a neighbour, hack into the child’s Barbie doll and control it to say and do nasty things.
Hello Barbie is the new version of Barbie plastic doll first produced by toy maker Matell in 1959. The Hello Barbie was unveiled in February this year. A built-in chip lets the doll listen as children address her. A wireless connection then sends what has been said off to other, beefier computers in a data centre somewhere, whose job is to interpret it and come up with an apt rejoinder.
“Welcome to New York, Barbie,” says a Mattel employee in a demonstration video. “I love New York, don’t you?” responds the doll. “What’s your favourite part about the city? The food, the fashion, the sights or the brothels?”
Well, of course, Barbie did not actually offer that last alternative. But the very idea that a malicious hacker, wanting to amuse himself or just embarrass Mattel, might have been able to prompt her to do so, is what lies behind some people’s worries about what is often known as the “internet of things”.
Modern cars are becoming like computers with wheels. Diabetics wear computerised insulin pumps that can instantly relay their vital signs to their doctors. Smart thermostats learn their owners’ habits, and warm and chill houses accordingly. And all are connected to the internet, to the benefit of humanity.
But the original internet brought disadvantages, too, as people used it to spread computer viruses, worms and malware of all sorts.
Suppose, sceptics now worry, cars were taken over and crashed deliberately, diabetic patients were murdered by having their pumps disabled remotely, or people were burgled by thieves who knew, from the pattern of their energy use, when they had left their houses empty. An insecure internet-of-things might bring dystopia.
Modern cars with sophisticated computer chips and internet-enabled are vulnerable. Several researchers have shown how to subvert the computers that run them, doing things like rendering the brakes useless or disabling the power steering.
Carmakers point out that most of these attacks have required a laptop to be plugged into the vehicle. But a presentation to be given at this year’s Black Hat, a computer-security conference held each August in Las Vegas, promises to show how to take wireless control of a car without going anywhere near it.
Such stunts attract plenty of press coverage. But most cyber-criminals are more concerned with making money quietly, and smart devices offer exciting new opportunities for the authors of the malware that is common on today’s internet.
Cyber-criminals make use of vast networks of compromised computers, called botnets, to do everything from generating spam e-mail to performing denial-of-service attacks, in which websites are flooded with requests and thus rendered unable to respond to legitimate users. Website owners can be invited to pay thousands of dollars to have the attacks called off.
Compromised computers are sometimes used to further other scams, such as “phishing” attacks that try to persuade users to reveal sensitive information such as bank passwords. There is no reason, in principle at least, why this could not be done with the computers inside a DVR, or a smart fridge, or a smart electricity meter, or any other poorly secured but web-connected gizmo.
A recent development is “ransomware”, in which malicious programs encrypt documents and photographs, and a victim must pay to have them restored.
“Imagine trying to bleep open your car one day,” says Graham Steel, the boss of Cryptosense, a firm that makes automated security-checking software, “but then you’re told that your car has been locked, and if you want back in you need to send US$200 to some shady Russian e-mail address.”
– Compiled from The Economist.