Hello Barbie is hackable, exposes children’s conversations with the doll

A high-tech Barbie is terrible at keeping secrets. Toymaker Mattel is finding this out the hard way after a security firm revealed that Hello Barbie, a version of the beloved doll that comes with Wi-Fi and speech recognition technology, is vulnerable to hacking.

Hello Barbie, which sells for $74.99, uses Wi-Fi connectivity and speech recognition technology to give children an interactive toy that can “discuss anything,” according to Mattel. The problem is that ToyTalk, the company behind the modern technology in the doll, has vulnerable servers, which means children’s recorded conversations with Hello Barbie could potentially be accessed without permission.

Bluebox, the security firm that revealed the doll’s vulnerabilities, shares that the Hello Barbie app for iOS and Android has a number of flaws, including the use of an authentication credential that can be reused by attackers and useless code that “increases the overall attack surface.”

“The ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack,” according to Bluebox.

All this means that hackers could potentially access, listen to and reconstruct recordings of children’s conversations with Hello Barbie.

“We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie,” ToyTalk CTO Matt Reddy told Gizmodo. “We are grateful that they informed us of relevant security vulnerabilities, which have been addressed.”

This revelation came on the heels of a warning from another researcher who said he found a flaw that could allow hackers to discover the home addresses of Hello Barbie owners, according to CNET.

The Hello Barbie news has likely gotten the attention of the FTC, according to a former director of the FTC’s Bureau of Consumer Protection.

Vtech, an electronics manufacturer based in Hong Kong, is working through a similar issue of its own as it responds to a security breach of its Learning Lodge app store database. That breach made accessible personal information such as email addresses, passwords, and mailing addresses.

