Over the last few days, many children will have received gifts of the latest interconnected toys. Sadly, as a security community, we know many of these will be insecure. We’ve seen lots of reports about how Barbie and Cayla can be easily hacked.
Some have claimed there is not yet a toy they’ve found that they could not break into.
I am looking forward to a news story along the following lines…
“As experienced penetration testers we’ve tried everything we know, but can’t break it:
- Reverse engineering the controlling app to inspect the source code. No hidden passwords or points of interest found;
- Web connections all use TLS with pinned certificates, and we can’t get the keys;
- Entropy of the symmetric TLS session keys is good too;
- The cloud service stacks up to penetration testing. SQL injections did not work;
- Network sniffer tools found nothing to cause alarm;
- We extracted the toy firmware, reverse engineered it, no problems found;
- We pulled the hardware apart, no removable hidden micro SD cards to play with;
- No control ports we could do anything useful with;
- Overflowed any buffers we could find, no issues;
- Wi-Fi and Bluetooth configurations were solid.”
“In short, we’ve thrown the tool bag at it, and nothing bad happened.”
2015 did bring some cheer along these lines with the Tesla hack, where the developers were praised for the care taken in their security design.