"Hello Barbie" still owes us a conversation about cybersecurity and privacy
Irina Raicu is the director of the Internet Ethics program at the Markkula Center for Applied Ethics at Santa Clara University. Views are her own.
"Hello Barbie" (the internet-connected toy that I’ve blogged about before, here and here) was discontinued in 2017. As an article pointed out back then, “ToyTalk, the tech company that supports Hello Barbie, is no longer updating the app associated with the 2015 Barbie.” But children's conversations with the doll didn't stop. In the age of the internet of things, “smart” toys can continue to be a problem long after their manufacturer gives up on them.
“Cloudpets May Be Out of Business, But Security Concerns Remain,” warns a recent article by Tara Seals in ThreatPost. As Seals notes, “it’s the installed base of the connected cuddlies that should be of greater concern.” Long after being discontinued, internet-connected toys remain in children’s bedrooms—and, while retailers may pull them off the shelf (as some did with Cloudpets after being warned by a Mozilla-generated report), they may also remain available through various resellers.
Disturbingly, Seals also cites a holiday-season survey administered last November, which found that “nearly 53 percent of the IoT devices that respondents intended to purchase were toys…. well ahead of the 23.6 percent that said they would buy wearable devices and the 22.4 percent each that planned to purchase home security and smart home devices like thermostats or vacuums.”
So internet-connected toys are likely to continue to rise from the discontinued shelves, like privacy-invasive zombies.
I’ve argued before that privacy itself is a beautiful zombie—whose “death” is repeatedly announced, but who is potentially reborn with every new thought, every new communication, every new opportunity to disclose certain information to some and not to others. So maybe I should find a different metaphor for discontinued “smart” toys, with their companion apps no longer supported or updated. They remind me more of the terrifying toy mash-ups built by Sid in the Toy Story movie—except maybe scarier, because on the outside they seem fine, while on the inside they contain multiple vulnerabilities.
“Last year,” Tara Seals writes, “independent researcher Troy Hunt found several issues with the CloudPets back end, starting with the public exposure of a Mongo database containing more than 2 million voice recordings by kids and parents. As a result, it was stolen and held for ransom more than once last year.” Voice recordings of (one hopes) loving messages, held for ransom. Cuddly comfort creatures that are really portals for hackers to enter unsuspecting people’s homes. The dystopian movie scripts write themselves.
Long after her chatty conversations about fashion and such have been uploaded to the cloud, Hello Barbie still owes us a conversation about cybersecurity and privacy.
Photo by Roman Magician, cropped, used under a Creative Commons license.