Hello Barbie, Mattel's first "interactive Barbie," has been found to be vulnerable to hacking, effectively transforming the doll into a surveillance device, using its microphone to listen to conversation and steal personal data of unsuspecting owners.
Matt Jakubowski, a security expert, found that once Hello Barbie is connected to a Wi-Fi network, information can easily be obtained, including that of the doll's system, account information and stored audio files in addition to the use of the microphone, The Guardian reported.
"You can take that information and find out a person's house or business. It's just a matter of time until we are able to replace their servers with ours and have her say anything we want," Jakubowski said, according to NBC News.
When Hello Barbie was first introduced last March, Mattel was already facing a backflash from a group of mothers raising privacy concerns, as HNGN previously reported. The company dispelled these fears by explaining that the conversations that transpire between the doll and its owner are encrypted and sent to a secure database location. Jakubowski, however, has successfully overridden security parameters when his team breached the server where the data is being kept. The encryption of the recorded audio messages will also no longer work, as the communication channel is already compromised.
Mattel has so far remained silent about Jakubowski's hacking claims. But ToyTalk, Mattel's partner in the Hello Barbie product line, was quick to issue a statement.
"An enthusiastic researcher has reported finding some device data and called that a hack," said Oren Jacob, ToyTalk's CEO. "No user data, no Barbie content, and no major security nor privacy protections has been compromised to our knowledge."