Cybersecurity researchers have uncovered and revealed a variety of major security flaws in the new Wi-Fi enabled Hello Barbie, according to a security report.
The technologically advanced doll allows children to speak to the toy, sending their recorded speech over the internet to be processed, with Barbie then reciting back a suitable, algorithmically-generated response. Parents have the option of being sent an email transcript of their child’s “conversation highlights.”
It is a toy that has frequently been criticised for being creepy, but only now can it that title with full sincerity. Researchers have discovered that conversations with the doll can be eavesdropped on, allowing hackers and unsavoury adults to listen to other people’s children for hours on end.
Disturbingly, stories like this are becoming common: kids’ toy company VTech was hacked last month, exposing a heap of profiles, information, and pictures of young children who used the company’s electronic toys.
The flaws were revealed in a report by Bluebox Security and security researcher Andrew Hay, who discovered that there were vulnerabilities within the cloud storage and mobile app. ToyTalk, the San Francisco startup behind Hello Barbie, previously stated that all recorded conversations are kept on computers to improve the toy.
The toy would also connect to any Wi-Fi connection which displayed “Barbie” in the name too, according to the report, leaving data thieves the ability to setup fake Barbie networks and steal information.
Security researchers reportedly informed ToyTalk of the vulnerabilities in Mid-November, leading a Mattel representative to state: “We are aware of the Bluebox Security Report and are working closely with ToyTalk to ensure the safety and security of Hello Barbie.”
Co-founder of ToyTalk, Martin Reddey, also spoke to the Washington Post to declare that they had been working with Bluebox and have “already fixed many of the issues they raised.”
Hello Barbie’s security flaws, along with the VTech hack, should serve as a reminder that technologically advanced children’s toys are not immune to hacks. When they are breached, the results can be distressing.
Charlie Nash is a libertarian writer, memeologist, and child prodigy. When he is not writing, he can usually be found chilling at the Korova Milk Bar, mingling with the infamous. You can follow him on Twitter at @MrNashington.