Security expert says hackers can take over Wi-Fi Hello Barbie to steal information and spy on kids

By midian182 · 13 replies
Nov 27, 2015
Post New Reply
  1. Security experts have warned that Mattel’s latest Wi-Fi enabled Barbie doll can easily be exploited by hackers to spy on children and listen in on household conversations without the owner’s knowledge.

    In addition to having Wi-Fi capabilities, the Hello Barbie doll features speech recognition technology that allows it to listen to a child and respond via voice – like a less-advanced version of digital assistants such as Cortana and Siri. Mattel says the toy “listens and remembers the user's likes and dislikes, giving everyone their own unique experience.”

    The conversations are recorded and stored on the servers of ToyTalk, the company behind the technology. There’s even an option for parents to upload and share the conversations online.

    Security researcher Matt Jakubowski discovered that when connected to a Wi-Fi network the doll was vulnerable to hackers. He was easily able to access the doll’s account information, system information, stored audio files and microphone.

    Jakubowski told NBC: “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”

    The doll only listens in on a conversation when a button is pressed and the recorded audio is enctypted before being sent to the ToyTalk servers, but Jakubowski believes once a hacker has control of the doll its privacy features could be bypassed.

    Not only could the Barbie be used to steal personal information, but hackers could figure out how to update its server information to send microphone data to a different one entirely. That new server could send any replies it wants to the doll, essentially taking over its verbal responses.

    6,600 people have signed a petition launched by the Campaign for a Commercial-Free Childhood urging Mattel to drop Hello Barbie. In an open letter to Mattel CEO Christopher Sinclair, campaigners said: “Children naturally confide in their dolls, and reveal a great deal about themselves when they play. It is wrong for Mattel and your technology partner ToyTalk to record, transmit, and analyze these intimate conversation(s) [...] Please show your leadership and concern for the health and safety of children and families by immediately ending all marketing and production of "Hello Barbie."

    Permalink to story.

    Last edited by a moderator: Sep 14, 2016
  2. Hexic

    Hexic TS Maniac Posts: 333   +164

    This issue was the very first thing that came to my mind when reading the announcement for this product - especially with something uniquely personal for kids, containing a constant third party connection.

    It'll be interesting to see what (if anything) happens with this product.
    midian182 likes this.
  3. SecureThoughtC

    SecureThoughtC TS Rookie

    Before companies put products like this out they should think about the safety and security of our children. They should ensure that their products are safe from hackers because even adults can get into trouble on the internet, just imagine what could happen if a young child has unsecured access to the internet.
  4. Uncle Al

    Uncle Al TS Evangelist Posts: 3,339   +1,986

    Soooooooo .... Barbie really is a snitch after all! Reminds me of that old joke of the two newest versions of the Barbie doll: (1) Single, swinging barble that comes with nothing but only costs $5 and (2) Divorced Barbie, which costs $150 ... probably because it comes with all of Kens stuff .....
    Hexic likes this.
  5. Hexic

    Hexic TS Maniac Posts: 333   +164

    And child support!
    Uncle Al likes this.
  6. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,890   +1,224

    If you know where the barbie is so you can hack into it, don't you already know the person's house or business?

    This sounds more like an episode of CSI Cyber than anything else. I doubt this could ever become a big deal... it's a $75 barbie?! How many could they possibly sell?
  7. PurpleYoda

    PurpleYoda TS Member Posts: 24   +7

    Bla bla bla... "Money makes the world go around,
    The world go around,
    The world go around,
    Money makes the world go around,
    Of that we can be sure."

    Stop being naive... To make them listen vote with your wallet!
  8. captaincranky

    captaincranky TechSpot Addict Posts: 13,000   +2,529

    Hacking the doll has some humorous possibilities as well . (*)

    You could have:

    "Call Girl Barbie" ;)

    "Dominatrix Barbie" :eek:

    "Nagging Wife Barbie" :(

    And last but certainly not least:

    "Annoying Meter Maid You'd Like to Punch Out Barbie" :mad:

    In any case, I'm sure the thousands of petitioners trying to have, "Privacy invasion Barbie" recalled, will doubtless find little humor in this suggestion. But still, it would offer young women an overview on which career choices she might "embrace", and those which might be best left alone.......:cool:

    Without further ado, here are the "West Coast Meter Maids":
    Individuals shown may not exactly typify meter maids in your region. But then again, they are spitting images of "Barbie".

    (Gold Lycra bikini sold separately).
    Last edited: Nov 29, 2015
  9. Camikazi

    Camikazi TS Evangelist Posts: 925   +284

    Gold Coast Meter Maids and they are from Australia.
  10. captaincranky

    captaincranky TechSpot Addict Posts: 13,000   +2,529

    OK, I stand corrected.. Or, "my bad", as today's children are wont to say.

    Still, they do look like "Barbies", and I doubt if they were born in those bikinis.

    Will ya give me 2 out of 3?

    Although, you have to admitl, this brings an entirely new dimension to the saying, "I'll slip an extra shrimp on the barbie for you"
    Last edited: Nov 30, 2015
  11. Camikazi

    Camikazi TS Evangelist Posts: 925   +284

    2 out of 3, deal.
  12. learninmypc

    learninmypc TS Evangelist Posts: 7,671   +413

    I watched an episode of CSI Cyber related to this. It was a baby monitor episode.
  13. romainB

    romainB TS Enthusiast Posts: 38

    Man! I gotta get rid of all my barbies!!
  14. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,724   +3,699

    Does this include the blowup versions?
    learninmypc likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...