The new hackable Hello Barbie doll is giving a way into the minds of children. It is the first Barbie doll that has artificial intelligence, allowing the doll to listen to what is said around it and it then stores the information in the cloud when its belt buckle is pressed.
NBC Chicago reports that the dialogue saved in the cloud can later be accessed through a smartphone to communicate with the people it is interacting with. The Campaign for a Commercial-Free Childhood (CCFC) has protested against parents that purchase the doll since it poses a threat to children's privacy. The CCFC has gone as far as launching a “Hell No Barbie” campaign setting forth arguments that plead with parents to stay away from the doll.
“Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won't keep those secrets. When Barbie's belt buckle is held down, everything your child says is transmitted to cloud servers where it will be stored and analysed by ToyTalk, Mattel's technology partner. Employees of ToyTalk and their partner corporations listen to recordings of children's conversations, and ToyTalk won't even say who their partners are,” the CCFC stated.
Security researcher Matt Jacubowski who contributed to the NBC findings revealed that he successfully hacked the doll's operating system and was able to gain access to Wi-Fi network names, the internal MAC address, account IDs and MP3 files. With this information, Jacubowski could easily get into a home network, listen to the recordings by Barbie and modify the doll to suit his needs. “It's just a matter of time until we are able to replace their servers with ours and have her say anything we want,” says Jacubowski.
ToyTalk intends to launch a bug bounty programme in the future for researchers to discover vulnerabilities in the doll.