Hello Barbie is an internet-connected version of a Barbie doll, complete with a wireless connection, microphone, speaker, advanced voice recognition capabilities, and a “customized cloud-based database of her owner’s likes and dislikes” so Barbie can have “real” back and forth conversations with her owner. Hello Barbie is expected to sell for $75 by the holiday shopping season.
Just last month, the “first” smart doll Cayla was hacked. Despite British toymaker Vivid Toys promising its software would block inappropriate words, security researcher Ken Munro from Pen Test Partners discovered four attacks to make Cayla spew curse words: by modifying the “database contents on the child’s phone;” via a MITM (man-in-the-middle) attack; by “backdooring” the Cayla doll and by “random pairing” such as when the doll’s owner gets out of the range; it took just one tap for an attacker’s device to pair with the doll’s Bluetooth functionality.
Parents are advised that if you intend to get your child an IoT version of Barbie, please be wise about creating a strong password in order to protect you and your child’s privacy.