Security Security expert says hackers can take over Wi-Fi Hello Barbie to steal information and spy on kids

midian182

TechSpot Editor
Staff member

Security experts have warned that Mattel’s latest Wi-Fi enabled Barbie doll can easily be exploited by hackers to spy on children and listen in on household conversations without the owner’s knowledge.

In addition to having Wi-Fi capabilities, the Hello Barbie doll features speech recognition technology that allows it to listen to a child and respond via voice – like a less-advanced version of digital assistants such as Cortana and Siri. Mattel says the toy “listens and remembers the user's likes and dislikes, giving everyone their own unique experience.”

The conversations are recorded and stored on the servers of ToyTalk, the company behind the technology. There’s even an option for parents to upload and share the conversations online.

Security researcher Matt Jakubowski discovered that when connected to a Wi-Fi network the doll was vulnerable to hackers. He was easily able to access the doll’s account information, system information, stored audio files and microphone.

Jakubowski told NBC: “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”

The doll only listens in on a conversation when a button is pressed and the recorded audio is enctypted before being sent to the ToyTalk servers, but Jakubowski believes once a hacker has control of the doll its privacy features could be bypassed.

Not only could the Barbie be used to steal personal information, but hackers could figure out how to update its server information to send microphone data to a different one entirely. That new server could send any replies it wants to the doll, essentially taking over its verbal responses.

6,600 people have signed a petition launched by the Campaign for a Commercial-Free Childhood urging Mattel to drop Hello Barbie. In an open letter to Mattel CEO Christopher Sinclair, campaigners said: “Children naturally confide in their dolls, and reveal a great deal about themselves when they play. It is wrong for Mattel and your technology partner ToyTalk to record, transmit, and analyze these intimate conversation(s) [...] Please show your leadership and concern for the health and safety of children and families by immediately ending all marketing and production of "Hello Barbie."

Permalink to story.

 
Last edited by a moderator:

Hexic

TS Evangelist
This issue was the very first thing that came to my mind when reading the announcement for this product - especially with something uniquely personal for kids, containing a constant third party connection.

It'll be interesting to see what (if anything) happens with this product.
 
  • Like
Reactions: midian182

SecureThoughtC

TS Rookie
Before companies put products like this out they should think about the safety and security of our children. They should ensure that their products are safe from hackers because even adults can get into trouble on the internet, just imagine what could happen if a young child has unsecured access to the internet.
 

Uncle Al

TS Evangelist
Soooooooo .... Barbie really is a snitch after all! Reminds me of that old joke of the two newest versions of the Barbie doll: (1) Single, swinging barble that comes with nothing but only costs $5 and (2) Divorced Barbie, which costs $150 ... probably because it comes with all of Kens stuff .....
 
  • Like
Reactions: Hexic

Hexic

TS Evangelist
Soooooooo .... Barbie really is a snitch after all! Reminds me of that old joke of the two newest versions of the Barbie doll: (1) Single, swinging barble that comes with nothing but only costs $5 and (2) Divorced Barbie, which costs $150 ... probably because it comes with all of Kens stuff .....
And child support!
 
  • Like
Reactions: Uncle Al

MilwaukeeMike

TS Evangelist
You can take that information and find out a person’s house or business.
If you know where the barbie is so you can hack into it, don't you already know the person's house or business?

This sounds more like an episode of CSI Cyber than anything else. I doubt this could ever become a big deal... it's a $75 barbie?! How many could they possibly sell?
 

PurpleYoda

TS Enthusiast
Before companies put products like this out they should think about the safety and security of our children. They should ensure that their products are safe from hackers because even adults can get into trouble on the internet, just imagine what could happen if a young child has unsecured access to the internet.

Bla bla bla... "Money makes the world go around,
The world go around,
The world go around,
Money makes the world go around,
Of that we can be sure."

Stop being naive... To make them listen vote with your wallet!
 

captaincranky

TechSpot Addict
Hacking the doll has some humorous possibilities as well . (*)

You could have:

"Call Girl Barbie" ;)

"Dominatrix Barbie" :eek:

"Nagging Wife Barbie" :(

And last but certainly not least:

"Annoying Meter Maid You'd Like to Punch Out Barbie" :mad:

In any case, I'm sure the thousands of petitioners trying to have, "Privacy invasion Barbie" recalled, will doubtless find little humor in this suggestion. But still, it would offer young women an overview on which career choices she might "embrace", and those which might be best left alone.......:cool:

Without further ado, here are the "West Coast Meter Maids":

Individuals shown may not exactly typify meter maids in your region. But then again, they are spitting images of "Barbie".

(Gold Lycra bikini sold separately).
 
Last edited:

Camikazi

TS Evangelist
Hacking the doll has some humorous possibilities as well . (*)

You could have:

"Call Girl Barbie" ;)

"Dominatrix Barbie" :eek:

"Nagging Wife Barbie" :(

And last but certainly not least:

"Annoying Meter Maid You'd Like to Punch Out Barbie" :mad:

In any case, I'm sure the thousands of petitioners trying to have, "Privacy invasion Barbie" recalled, will doubtless find little humor in this suggestion. But still, it would offer young women an overview on which career choices she might "embrace", and those which might be best left alone.......:cool:

Without further ado, here are the "West Coast Meter Maids":

Individuals shown may not exactly typify meter maids in your region. But then again, they are spitting images of "Barbie".

(Gold Lycra bikini sold separately).
Gold Coast Meter Maids and they are from Australia.
 

captaincranky

TechSpot Addict
Gold Coast Meter Maids and they are from Australia.
OK, I stand corrected.. Or, "my bad", as today's children are wont to say.

Still, they do look like "Barbies", and I doubt if they were born in those bikinis.

Will ya give me 2 out of 3?

Although, you have to admitl, this brings an entirely new dimension to the saying, "I'll slip an extra shrimp on the barbie for you"
 
Last edited:

Camikazi

TS Evangelist
OK, I stand corrected.. Or, "my bad", as today's children are wont to say.

Still, they do look like "Barbies", and I doubt if they were born in those bikinis.

Will ya give me 2 out of 3?

Although, you have to admitl, this brings an entirely new dimension to the saying, "I'll slip an extra shrimp on the barbie for you"
2 out of 3, deal.
 

learninmypc

TS Evangelist
If you know where the barbie is so you can hack into it, don't you already know the person's house or business?

This sounds more like an episode of CSI Cyber than anything else. I doubt this could ever become a big deal... it's a $75 barbie?! How many could they possibly sell?
I watched an episode of CSI Cyber related to this. It was a baby monitor episode.