Security expert says hackers can take over Wi-Fi Hello Barbie to steal information and spy on kids
By Rob Thubron
Security experts have warned that Mattel's latest Wi-Fi enabled Barbie doll can easily be exploited by hackers to spy on children and listen in on household conversations without the owner's knowledge.
In addition to having Wi-Fi capabilities, the Hello Barbie doll features speech recognition technology that allows it to listen to a child and respond via voice - like a less-advanced version of digital assistants such as Cortana and Siri. Mattel says the toy "listens and remembers the user's likes and dislikes, giving everyone their own unique experience."
The conversations are recorded and stored on the servers of ToyTalk, the company behind the technology. There's even an option for parents to upload and share the conversations online.
Security researcher Matt Jakubowski discovered that when connected to a Wi-Fi network the doll was vulnerable to hackers. He was easily able to access the doll's account information, system information, stored audio files and microphone.
Jakubowski told NBC: "You can take that information and find out a person's house or business. It's just a matter of time until we are able to replace their servers with ours and have her say anything we want."
The doll only listens in on a conversation when a button is pressed, and the recorded audio is encrypted before being sent to the ToyTalk servers, but Jakubowski believes that once a hacker has control of the doll, its privacy features could be bypassed.
Not only could the Barbie be used to steal personal information, but hackers could also figure out how to change its server information so that microphone data is sent to a different server entirely. That new server could send any replies it wants to the doll, essentially taking over its verbal responses.
6,600 people have signed a petition launched by the Campaign for a Commercial-Free Childhood urging Mattel to drop Hello Barbie. In an open letter to Mattel CEO Christopher Sinclair, campaigners said: "Children naturally confide in their dolls, and reveal a great deal about themselves when they play. It is wrong for Mattel and your technology partner ToyTalk to record, transmit, and analyze these intimate conversation(s) [...] Please show your leadership and concern for the health and safety of children and families by immediately ending all marketing and production of 'Hello Barbie.'"
Hello Barbie, like anything connected to the Internet, is hackable. #HellNoBarbie https://t.co/LnnrnuMejv pic.twitter.com/whL3nGzPNy - CCFC (@commercialfree) November 12, 2015