WEBVTT - Toys That Spy

0:00:03.560 --> 0:00:05.800
<v Speaker 1>It's not usual for a child to talk to his

0:00:06.040 --> 0:00:09.680
<v Speaker 1>or her toys, but these days those toys are actually listening.

0:00:10.160 --> 0:00:17.079
<v Speaker 1>I'm Jonathan Strickland and this is TechStuff Daily. A

0:00:17.120 --> 0:00:19.600
<v Speaker 1>lot has changed since I was a kid. Back then,

0:00:19.760 --> 0:00:23.239
<v Speaker 1>toys were mostly made of dumb plastic. They were inert,

0:00:23.360 --> 0:00:26.160
<v Speaker 1>only given life through the imaginations of those who played

0:00:26.160 --> 0:00:29.200
<v Speaker 1>with them, and thus my epic saga of what would

0:00:29.200 --> 0:00:32.040
<v Speaker 1>happen if He-Man joined forces with Han Solo to

0:00:32.120 --> 0:00:36.080
<v Speaker 1>fight off the evil Barbie invasion came to pass. Uh,

0:00:36.280 --> 0:00:39.880
<v Speaker 1>my sister owned the Barbie doll. But these days toys

0:00:39.920 --> 0:00:43.479
<v Speaker 1>can contain technologies that make them far more interactive. The

0:00:43.560 --> 0:00:46.960
<v Speaker 1>creative process is no longer a one way street, and

0:00:46.960 --> 0:00:50.000
<v Speaker 1>in at least some of those implementations, there's the potential

0:00:50.120 --> 0:00:52.800
<v Speaker 1>for a lot to go wrong. We're in the age

0:00:52.800 --> 0:00:55.840
<v Speaker 1>of connectivity, and that extends down to the toys companies

0:00:55.880 --> 0:00:59.480
<v Speaker 1>are making for kids. These toys use technologies like WiFi

0:00:59.600 --> 0:01:03.000
<v Speaker 1>and Bluetooth to receive information from the Internet, enhancing

0:01:03.000 --> 0:01:05.560
<v Speaker 1>the toy's features so that it can do more stuff

0:01:05.600 --> 0:01:09.679
<v Speaker 1>with those who play with it. For example, Hasbro markets

0:01:09.680 --> 0:01:13.240
<v Speaker 1>the Furby Connect interactive toy. Furbies debuted in the late

0:01:13.319 --> 0:01:17.759
<v Speaker 1>nineteen nineties. At that time they were considered pretty advanced. Initially,

0:01:17.800 --> 0:01:21.280
<v Speaker 1>a Furby can only speak in Gibberish. Canonically, it's a

0:01:21.400 --> 0:01:24.880
<v Speaker 1>language called Furbish. Over time, the Furby begins to throw

0:01:24.920 --> 0:01:27.959
<v Speaker 1>in some English words among the nonsense. This was to

0:01:28.040 --> 0:01:31.000
<v Speaker 1>mimic the way children pick up language over time. The

0:01:31.040 --> 0:01:34.039
<v Speaker 1>toys give the appearance of interactivity, but the truth of

0:01:34.080 --> 0:01:38.200
<v Speaker 1>the matter was that Furbies were simply following a preprogrammed pathway.

0:01:38.360 --> 0:01:41.120
<v Speaker 1>I hope that didn't come as a shock to anyone.

0:01:41.440 --> 0:01:43.959
<v Speaker 1>The Furby Connect is a toy that can actually change

0:01:44.000 --> 0:01:46.840
<v Speaker 1>how it interacts with people over time. You pair the

0:01:46.880 --> 0:01:49.280
<v Speaker 1>toy with a companion mobile app. You can use the

0:01:49.280 --> 0:01:51.360
<v Speaker 1>app to interact with the toy or update it with

0:01:51.440 --> 0:01:54.640
<v Speaker 1>new behaviors, games, and other features. It's a clever way

0:01:54.640 --> 0:01:58.120
<v Speaker 1>to keep the toy relevant and fun to play with. Unfortunately,

0:01:58.520 --> 0:02:02.360
<v Speaker 1>that same connectivity that gives toys like the Furby Connect its

0:02:02.440 --> 0:02:06.920
<v Speaker 1>nifty features can also introduce security and privacy vulnerabilities. The

0:02:07.040 --> 0:02:11.760
<v Speaker 1>UK Consumers' Association site, Which?, published an article in November

0:02:12.240 --> 0:02:15.840
<v Speaker 1>saying that many of these connected toys, including the Furby Connect,

0:02:16.080 --> 0:02:20.000
<v Speaker 1>are vulnerable to malicious interference. According to the article, it

0:02:20.080 --> 0:02:23.880
<v Speaker 1>doesn't even require any hacking in some cases. A few

0:02:23.919 --> 0:02:26.200
<v Speaker 1>of these toys allow anyone to connect to a device

0:02:26.240 --> 0:02:29.840
<v Speaker 1>within Bluetooth range without any security measures to block them.

0:02:29.880 --> 0:02:33.400
<v Speaker 1>That means a person within range could potentially affect a toy.

0:02:33.480 --> 0:02:35.400
<v Speaker 1>Some of these toys allow you to send a message

0:02:35.440 --> 0:02:37.760
<v Speaker 1>to the toy, which then can be converted into a

0:02:37.880 --> 0:02:41.399
<v Speaker 1>verbal message from the toy itself. In a video published

0:02:41.480 --> 0:02:44.520
<v Speaker 1>on the Which? article, a young boy is playing with

0:02:44.560 --> 0:02:48.520
<v Speaker 1>a robot with this Bluetooth connectivity. A lurking figure outside

0:02:48.560 --> 0:02:51.480
<v Speaker 1>the window notices this and uses a smartphone to connect

0:02:51.480 --> 0:02:53.399
<v Speaker 1>to the toy and sends a message to the young

0:02:53.440 --> 0:02:56.639
<v Speaker 1>boy asking him to open the front door. The site

0:02:56.639 --> 0:02:59.200
<v Speaker 1>acknowledges that for this to work in the way shown

0:02:59.200 --> 0:03:02.040
<v Speaker 1>in the video, the connection would need to be unsecured

0:03:02.200 --> 0:03:04.239
<v Speaker 1>and the potential threat would have to be quite close.

0:03:04.560 --> 0:03:08.040
<v Speaker 1>The broadcast range for Bluetooth is about ten meters. WiFi

0:03:08.120 --> 0:03:11.239
<v Speaker 1>connected toys might have a slightly greater range, depending upon

0:03:11.280 --> 0:03:14.680
<v Speaker 1>the router, though if the WiFi network isn't secured, then

0:03:14.720 --> 0:03:18.400
<v Speaker 1>there may be other issues to deal with beyond compromised toys.

0:03:18.440 --> 0:03:22.640
<v Speaker 1>Some consumer advocacy groups have voiced similar concerns about other toys,

0:03:22.720 --> 0:03:26.720
<v Speaker 1>including those toys' capacity to listen in on conversations. Some

0:03:26.840 --> 0:03:28.840
<v Speaker 1>of these toys are meant to allow children to talk

0:03:28.840 --> 0:03:32.320
<v Speaker 1>to them, ask questions, and hold basic conversations, but that

0:03:32.360 --> 0:03:35.160
<v Speaker 1>means the toys themselves need microphones and have to send

0:03:35.240 --> 0:03:38.839
<v Speaker 1>information to the cloud to get appropriate responses. That means

0:03:38.880 --> 0:03:41.640
<v Speaker 1>the toys are effectively listening, and if a toy is

0:03:41.680 --> 0:03:45.040
<v Speaker 1>listening in, it might pick up stuff it's not supposed to hear.

0:03:45.400 --> 0:03:48.040
<v Speaker 1>Depending upon how that information is processed in the cloud,

0:03:48.320 --> 0:03:51.160
<v Speaker 1>the data could end up causing harm further down the road.

0:03:51.680 --> 0:03:55.320
<v Speaker 1>In twenty hackers showed they could compromise the Hello Barbie

0:03:55.320 --> 0:03:58.800
<v Speaker 1>connected doll and use it to spy on people. At first,

0:03:58.840 --> 0:04:01.680
<v Speaker 1>it seemed like Mattel, a manufacturer of Barbie dolls, had

0:04:01.680 --> 0:04:04.280
<v Speaker 1>done a decent job with security. The Barbie doll would

0:04:04.280 --> 0:04:07.440
<v Speaker 1>only listen when you pressed a button that would activate

0:04:07.480 --> 0:04:11.400
<v Speaker 1>the microphone. Further, the doll would encrypt recorded audio, making

0:04:11.400 --> 0:04:14.080
<v Speaker 1>it unintelligible to anyone who might intercept the file as

0:04:14.120 --> 0:04:17.200
<v Speaker 1>it was sent from doll to Mattel's servers. But hackers

0:04:17.200 --> 0:04:20.800
<v Speaker 1>figured out how to compromise the doll itself over WiFi connections.

0:04:20.960 --> 0:04:24.400
<v Speaker 1>Presumably they had physical access to the doll and connected

0:04:24.440 --> 0:04:27.040
<v Speaker 1>it to their own WiFi network to make the changes.

0:04:27.520 --> 0:04:29.800
<v Speaker 1>Once they had done so, they could remove some of

0:04:29.839 --> 0:04:32.440
<v Speaker 1>those safety features so that they could listen in even

0:04:32.520 --> 0:04:35.320
<v Speaker 1>if the button were not pressed, and skip that whole

0:04:35.440 --> 0:04:39.200
<v Speaker 1>encryption process. The doll would effectively become a bug, kind

0:04:39.240 --> 0:04:43.360
<v Speaker 1>of like in spy movies. Also, spy movie Barbie would

0:04:43.360 --> 0:04:47.120
<v Speaker 1>be a pretty cool toy. According to the Guardian, compromising

0:04:47.120 --> 0:04:50.200
<v Speaker 1>the doll would be just the first step. Accessing information

0:04:50.240 --> 0:04:52.600
<v Speaker 1>on the doll itself would give hackers the information they

0:04:52.680 --> 0:04:56.039
<v Speaker 1>need to log into the target's WiFi network. In other words,

0:04:56.160 --> 0:04:59.039
<v Speaker 1>they could access the WiFi password and then intrude on

0:04:59.080 --> 0:05:03.080
<v Speaker 1>that network, potentially snooping on communications or compromising other

0:05:03.120 --> 0:05:06.120
<v Speaker 1>connected systems within the home. The doll would become a

0:05:06.200 --> 0:05:10.000
<v Speaker 1>gateway to a person's entire network. In this case, it

0:05:10.040 --> 0:05:12.200
<v Speaker 1>requires a lot more work than just connecting to an

0:05:12.240 --> 0:05:15.440
<v Speaker 1>unsecured toy over Bluetooth. But the point the hackers were

0:05:15.480 --> 0:05:18.279
<v Speaker 1>making is that in the age of connectivity, this is

0:05:18.360 --> 0:05:21.560
<v Speaker 1>also an age of security vulnerabilities. We need to take

0:05:21.600 --> 0:05:25.040
<v Speaker 1>greater care in designing and implementing technologies that connect wirelessly

0:05:25.120 --> 0:05:29.000
<v Speaker 1>to networks, particularly when those technologies are intended for children.

0:05:29.480 --> 0:05:33.000
<v Speaker 1>To learn more about internet security, wireless technologies, and high

0:05:33.000 --> 0:05:36.120
<v Speaker 1>tech toys, check out the TechStuff podcast we publish

0:05:36.200 --> 0:05:38.560
<v Speaker 1>on Wednesdays and Fridays and take a deep dive on

0:05:38.600 --> 0:05:41.120
<v Speaker 1>these subjects and more. I'll see you again soon.