Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Can Your Child's Barbie Doll Be Hacked?

Article Placeholder Image
By Christopher Coble, Esq. on December 07, 2015 9:18 AM

While parents were worried about in-app game purchases and whether teachers are properly using iPads, it turns out hackers were finding yet another way to access your information -- your kid's Barbie doll. According to Vice, bugs in the Hello Barbie doll's cloud infrastructure and smartphone apps could allow hackers to listen to your child's conversations.

So what secrets has your toddler been telling Barbie?

Hello, Barbie; Hello, Hackers

The Hello Barbie doll in question is Internet-connected and equipped with voice recognition software. This allows the doll to listen and respond to your child as well as send your child's recordings over the Internet and store them in a cloud. This all sounds very fun and cool, until security firm Bluebox Labs and independent researcher Andrew Hay discovered some flaws in the Barbie's online security:

This new report shows that hackers could have intercepted the encrypted data sent between the doll and the servers of its maker ToyTalk. And owing to the fact the server was vulnerable to a well-known exploit to downgrade and break web encryption, known as the POODLE attack, the hackers could have effectively accessed and listened to children's recordings.

ToyTalk says it's fixed the glitches, and there's no evidence that any sensitive information was obtained by hackers. But that doesn't mean parents shouldn't be concerned about Internet-enabled toys.

Once More Unto the Breach, Dear Kids

A couple weeks before the report of Hello Barbie's vulnerabilities, data from Hong Kong toy manufacturer VTech was breached, leaking information on 5 million parents and children including photos of parents and kids and chat logs. The breach involved the database for VTech's Learning Lodge app store, which stored some 4.8 million customer email addresses, names, and passwords of adult registered users, along with the gender, first name, and birth dates of more than 200,000 children.

This is yet another reminder that when your kids gaze long into the Internet, the Internet gazes also into them.

Follow FindLaw for Consumers on Facebook and Twitter (@FindLawConsumer).

Related Resources:

Find a Lawyer

More Options