Tuesday, March 17, 2015

Internet of Dolls: See you later, Barbie.

In a recent episode of CSI: Cyber, baby monitoring cameras had malware inserted into their firmware to allow criminals to spy on babies in their cribs. The crooks and kidnappers kept track of routines and schedules in order to find the best time to abduct a child.

On CSI:Cyber, television kidnappers hack baby camera firmware to spy on children.
While baby cameras are intended for the purpose of monitoring your child, that's not the case with a new Barbie doll from Mattel set to debut in the upcoming Christmas season. The Hello Barbie is capable of carrying out conversations with your child on a similar basis to Siri or Cortana on your phone. Where the phone AIs are there to follow your commands or search the web, Hello Barbie will speak with your child and learn from their responses. Like Siri, the Wi-Fi-enabled doll sends the child's responses back to its creator's servers (SF-based ToyTalk) so that it can better answer the child.

The Hello Barbie, waiting to have a chat with your kids.

"Furbies are listening to everything!"
Sixteen years ago, in 1999, the National Security Agency (NSA) banned Hasbro's Furbies from its premises. This was due to the little toys having the ability to listen and "learn" new phrases. The toys had a limited English vocabulary and a smaller vocabulary of words in their own language, Furbish. Instead of learning like a parrot, further English words were unlocked slowly until the Furby spoke mostly English with a few Furbish phrases. The NSA was being cautious, as Furbies were brand new and produced in factories in China, where it's possible that foreign spies could insert radio chips into the toys.

An original 90's Furby. They (probably) weren't spying on your kids.
Credit: @blamethecrane http://www.flickr.com/people/66376272@N07/

These original Furbies were not network connected. Furbies have been reverse engineered to see how they function and how to repair them, but no special radio chips were found inside to allow criminals and spies to listen in on private conversations.

Today the same can't be definitively said of modern Furby Booms with their own iPhone and Android apps. One can feed them when they're hungry, play games with them on an iPad, and give them "medical" check-ups when they get "ill". These additional functions just need a compatible mobile app.

An attacker looking to control a modern Furby has much of the hard work done. Like the original Furbies, the new ones have also been reverse engineered to see how they function and/or to modify their behavior. Researchers have even decompiled and analyzed the Android app to work out the communication API. Unlike Hello Barbie, even a modern Furby doesn't have the hardware to send anything children say over the Internet.

Shhhh... Hello Barbie is around
There has been talk about not inviting Hello Barbie into our homes; not allowing her to speak with our kids. The arguments have been that it's like bringing an open microphone into your children's bedrooms, or in some cases even worse, inviting marketers.

Hello Barbie has only been seen in demos so far, and she won't be available for purchase for months. Is she secretly listening? Maybe not; it looks like she has an indicator light and plays a tone when she hears you speak.

Her creators say that she will learn from speaking with your child. She's already got an advantage on the Furby. Having a built-in microphone and the ability to send audio to a speech recognition backend lets her respond more like a real person.

A Hello Barbie is able to communicate over the Internet. Does it have its own account, like the power meter on the side of your house, or like late-model cars? No, but it does talk back to its creators in a similar fashion to the way the power meter communicates with the utility.

Hello Barbie beats the Furbies by actually talking to a child, remembering and responding to the child. This makes for a very social toy. She is powered by Mattel's partner ToyTalk, who specialize in speech recognition.

The folks behind Hello Barbie's people skills
ToyTalk is a company founded by ex-Pixar people that specializes in creating apps for children that encourage communication. They create speech recognition technology specialized for children instead of adults. The company makes a line of mobile games and interactive stories.

Some of the iOS games made by ToyTalk. Kids can play along and chat with game characters.

Their backend technology is driving the Hello Barbie's ability to learn and understand when talking to a child.

As the games ToyTalk produces are frontends that encourage children to speak with characters, there is some care taken to ensure that parental consent is acquired. If you let your kid play the games, you need to sign up for an account with your email and agree to let ToyTalk analyze your kid's conversations. Since you would then have an account, the company can give you access to and control over your kids' recordings. If you don't sign up for an account, your kids can still play, but the conversation portions of the game are not active.

In the case of Hello Barbie, the doll will likely be inactive until parents activate their own accounts and enable conversation mode. That would still leave your child with a Barbie, albeit an expensive one.

Threats to our toys: are our children safe?

  • Should we be worrying that criminals will hijack our children's Barbies in order to convince them to run away or follow that stranger?
    • No. Expect that to be the plot of a future episode of CSI:Cyber or Scorpion.
  • Will they attack our apps?
    • Almost certainly.
  • Will they attack our children's apps?
    • Possibly. Criminals, especially computer criminals, tend to look for a profit. It's more likely they'll try to steal financial information (e.g. overheard credit card numbers) at the kitchen table rather than the name of your kid's best friend.
  • Will criminals use modified firmware to create a botnet of Hello Barbies to steal the money from all of our Apple Pay accounts?
    • No. Also more likely a plot for CSI:Cyber.
We are all still safe until Hello Barbie is finally released. When that happens, the mobile apps will be available for download by the world at large, including computer criminals. They will finally be able to reverse engineer them, looking for vulnerabilities to exploit. As with the Furby, more features will give children more to play with, but they'll also give more to crooks.
