Creepy Wi-Fi Enabled Barbie can be Hacked and Turned into your Personal Surveillance Doll
“Hello Barbie,” the latest generation of artificial intelligence is here and speaking with your kids, masked inside a harmless looking Barbie doll which could be listening in on conversations and storing them for later use.
The world’s first interactive Barbie doll is here, however it’s stirring up serious concern across privacy and security communities alike. She looks like all the other dolls with her perfect hair, dressy outfits and unoriginal style, but has the ability to talk back and hold real conversations.
“She can actually talk to you,” 9-year-old Zsofie described to NBC. “And not fake talking.”
The latest generation Barbie doll, which is Wi-Fi enabled, has the ability to listen to what a child is saying and speak back. To be able to intelligently speak to children, the device sends audio recordings to ToyTalk’s servers for analysis (connected to Google’s Voice recognition service) where they will quickly generate a response and transmit it back through Wi-Fi. Those files are then stored in the cloud, under an account ID parents attached to the device. Once the children finish their conversation with Barbie, the files are uploaded directly to the cloud where parents have the ability to play back and even share private conversations children had with their Barbie online.
“We put parents in control of their child’s data, beginning with parental consent and by giving them the option to review and delete any or all of their child’s interactions with Hello Barbie,” a spokesperson for Toy Talk claimed, the company behind the interactive Hello Barbie technology.
However security researcher Matthew Jakubowski believes differently.
Jakubowski said while the the Wi-Fi was enabled, he was able to easily hack into the interactive Barbie doll and steal system information, Wi-Fi network names, Barbie’s internal mac address, account ID’s and stored MP3 files.
“You can take that information and find out a person’s house or business,” Jakubowski warned NBC in an interview. “It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”
Once the Barbie doll was hacked, Jakubowski was able to steal files and even turn the Barbie doll’s analysis servers over to his own. Allowing him full control over Barbie’s responses along with presumably being able to capture and store audio files recorded by Barbie.
Surprisingly Toy Talk acknowledged their interactive Barbie doll can be hacked, however the spokesperson said “in this case, the information that was discovered does not identify a child, nor does it compromise any audio of a child speaking.”
Jakubowski believes the issue extends beyond, and has the ability to open households up to hacking as he was able to recover the network name (SSID) and password from the doll. Thus allowing him to hack into the network and cause far more catastrophic damage.
However the hack isn’t the main privacy concern. This creepy little Barbie is jam packed with all the latest surveillance gear to listen in on households and record conversations, as well as alert law enforcement if the doll deems necessary.
That’s right, Toy Talk has taken it upon themselves to have the Barbie doll listen in and report “a conversation that raises concern about the safety of a child or others.” You heard it right, Barbie 2.0 can automatically alert law enforcement just from listening to audio conversations even when the dolls listen feature is not active. Adding itself to the endless Internet-of-Things ecosystem of “always-on” technology.
The company has stated plain and clear they will take the role of altering the authorities, alongside that, the lengthy privacy statement says the company will comply with all legal subpoenas.
The latest surveillance doll, or Barbie, sparked extreme controversy among privacy advocates just days after being released on the shelves. Researchers at Somerset Recon, a security firm dissected the innards of the Barbie from a security standpoint.
This is just Somerset Recon’s first installment, dissecting the hardware housed inside the Barbie, where they will look into Hello Barbie’s firmware next.
However none of this matters to an innocent child playing with their dolls, but the new surveillance state 2.0 is even intruding on your children’s privacy as well as your entire family.
“We think parents should feel confident about their child’s privacy with Hello Barbie,” a Toy Talk spokesperson said trying to diffuse the extreme privacy concerns.
Lets all say Hello Barbie, Goodbye Privacy!