Cyber security experts have discovered the latest Wi-Fi enabled Barbie doll can be easily hacked and used to spy on their owners and their families.
Mattel, makers of The Hello Barbie Doll, market the doll as the world’s first “interactive doll” which is able to listen to a child and and respond via voice. The technology is similar to Microsoft’s Cortana, Google’s Now and Apple’s Siri, via Wi-Fi. The doll contains a microphone to record children and sends that off to third-parties to be processed before answering with natural language responses.
U.S. security researcher Matt Jakubowski says he has been able to hack into the doll very easily.
As soon it is connected to Wi-Fi, the doll becomes vulnerable to hacking, which allows access to system information, stored audio files, owner's account information and the microphone.
Jakubowski says, “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”
Although Hello Barbie only listens in on a conversation when a button is pressed, and the recorded audio is encrypted before being sent over the internet, a hacker can still override the privacy features.
His major concern is just how easily the doll can be compromised. Information stored by the doll allows hackers to take over a home's Wi-Fi network and gain access to other internet connected devices to steal personal information.
There have been previous Hello Barbie privacy concerns. When it was released last March, privacy advocates warned that because a child’s conversations with their doll is recorded and analysed, it should not be allowed to be sold. They also warned Hello Barbie could become the ultimate in audio surveillance tool for hackers. Mattel has not yet commented on the issue.
However Oren Jacob, the chief executive of ToyTalk, an entertainment company pioneering the art of conversation with characters, says he is not overly concerned with the latest report.
“An enthusiastic researcher has reported finding some device data and called that a hack. While the path that researcher used to find that data is not obvious and not user-friendly, it important to note that all that information was already directly available to Hello Barbie customers through the Hello Barbie Companion App. No user data, no Barbie content, and no major security nor privacy protections has been compromised to our knowledge.”