Mattel’s “Hello Barbie” doll is hackable and contains security flaws

21 Feb 2019

Toymaker Mattel’s “Hello Barbie”, a high tech Barbie, which sells for $74.99, uses Wifi and speech recognition technology to give children an interactive toy with which they can converse and discuss anything. At least their makers couldn’t possibly have thought that hackers would find a way to hack toys even.

Cyber security researchers at Bluebox, a security firm, revealed this Friday that the application had security flaws that make the toy vulnerable to hacking. They discovered that the mobile app and the cloud storage used by the doll allow hackers to eavesdrop on the recorded play sessions. Attackers could bypass the security barriers and access the recordings of children’s conversation with the Barbie, this alone possess a great concern regarding privacy of children and an even greater concern for their parents.

The week before this Fridays revelation of the vulnerability, another researcher named, Matt Jakybowski, discovered a flaw in this iconic doll which allowed him to pinpoint the addresses of the doll owners. Barbie isn’t the only toy that’s run into safety or privacy concerns related to its Internet connection. Last month, hackers stole account information of more than 6.4 million children who use the Learning Lodge app store for VTech toys. Mattel and software maker ToyTalk have been racing to release patches for the security problems with the doll.

“We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie,” ToyTalk CTO Matt Reddy told Gizmodo. “We are grateful that they informed us of relevant security vulnerabilities, which have been addressed.”
ToyTalk has fixed some of the flaws in the software, it built for Hello Barbie and is working its way through the others. It has also set up a “bug bounty” program about two weeks ago to get reports from any other researchers looking into the doll’s software.

Such security concerns could give parents second thoughts about buying the Internet-connected toys for their children and making them stick to the old-fashioned non-internet connected toys which are at least hack-proof.

View Other Reports