Skip to main content

Hello Barbie is hackable, exposes children’s conversations with the doll

hello barbie blabbermouth exposes childrens conversations hackers
Image used with permission by copyright holder
A high-tech Barbie is terrible at keeping secrets. Toymaker Mattell is finding this out the hard way after a security firm revealed that Hello Barbie, a version of the beloved doll that comes with Wi-Fi and speech recognition technology, is vulnerable to hacking.

Hello Barbie, which sells for $74.99, uses Wi-Fi connectivity and speech recognition technology to give children an interactive toy that can “discuss anything,” according to Mattel. The problem is that ToyTalk, the company behind the modern technology in the doll, has vulnerable servers, which means children’s recorded conversations with Hello Barbie could potentially be accessed without permission.

Bluebox, the security firm that revealed the doll’s vulnerabilities, shares that the Hello Barbie app for iOS and Android has a number of flaws, including the use of an authentication credential that can be reused by attackers and useless code that “increases the overall attack surface.”

“The ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack,” according to Bluebox.

All this means that hackers could potentially access, listen to and reconstruct recordings of children’s conversations with Hello Barbie.

“We have been working with Bluebox and appreciate their Responsible Disclosure of issues with respect to Hello Barbie,” ToyTalk CTO Matt Reddy told Gizmodo. “We are grateful that they informed us of relevant security vulnerabilities, which have been addressed.”

This revelation came on the heels of a warning from another researcher who said he found a flaw that could allow hackers to discover the home addresses of Hello Barbie owners, according to CNET.

The Hello Barbie news has likely gotten the attention of the FTC, according to a former director of the FTC’s Bureau of Consumer Protection.

Vtech, an electronics manufacturer based in Hong Kong, is working through a similar issue of its own as it responds to a security breach of its Learning Lodge app store database. That breach made accessible personal information such as email addresses, passwords, and mailing addresses.

Jason Hahn
Jason Hahn is a part-time freelance writer based in New Jersey. He earned his master's degree in journalism at Northwestern…
How to delete your Gmail account (and what you need to know)
The top corner of Gmail on a laptop screen.

Is it time to part ways with your Gmail account? Whether you’re moving onto greener email pastures, or you want to start fresh with a new Gmail address, deleting your old Gmail account is something anyone can do. Of course, we’re not just going to bid you farewell without a guide all our own. If you need to delete your Gmail account, we hope these step-by-step instructions will make the process even easier.

Read more
How to change margins in Google Docs
Laptop Working from Home

You may find that Google Docs has a UI that is almost too clean. It can be difficult to find basic things you're used to, such as margin settings. Don't worry, though, you can change margins in Google Docs just like with any other word processor through a couple of different means.

Read more
How to change your Yahoo password on desktop and mobile
A Yahoo mail inbox.

One of the best ways to keep your many email inboxes safe and secure is by frequently changing your password. While this may sound inconsequential, periodic login updates end up being one of the biggest deterrents against hackers and other malcontents. If Yahoo is your email platform of choice, we’ve put together this guide to teach you how to update your account password in just a few simple steps.

Read more