Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Can Your Child's Barbie Doll Be Hacked?

By Christopher Coble, Esq. on December 07, 2015 | Last updated on March 21, 2019

While parents were worried about in-app game purchases and whether teachers are properly using iPads, it turns out hackers were finding yet another way to access your information -- your kid's Barbie doll. According to Vice, bugs in the Hello Barbie doll's cloud infrastructure and smartphone apps could allow hackers to listen to your child's conversations.

So what secrets has your toddler been telling Barbie?

Hello, Barbie; Hello, Hackers

The Hello Barbie doll in question is Internet-connected and equipped with voice recognition software. This allows the doll to listen and respond to your child as well as send your child's recordings over the Internet and store them in a cloud. This all sounds very fun and cool, until security firm Bluebox Labs and independent researcher Andrew Hay discovered some flaws in the Barbie's online security:

This new report shows that hackers could have intercepted the encrypted data sent between the doll and the servers of its maker ToyTalk. And owing to the fact the server was vulnerable to a well-known exploit to downgrade and break web encryption, known as the POODLE attack, the hackers could have effectively accessed and listened to children's recordings.

ToyTalk says it's fixed the glitches, and there's no evidence that any sensitive information was obtained by hackers. But that doesn't mean parents shouldn't be concerned about Internet-enabled toys.

Once More Unto the Breach, Dear Kids

A couple weeks before the report of Hello Barbie's vulnerabilities, data from Hong Kong toy manufacturer VTech was breached, leaking information on 5 million parents and children including photos of parents and kids and chat logs. The breach involved the database for VTech's Learning Lodge app store, which stored some 4.8 million customer email addresses, names, and passwords of adult registered users, along with the gender, first name, and birth dates of more than 200,000 children.

This is yet another reminder that when your kids gaze long into the Internet, the Internet gazes also into them.

Follow FindLaw for Consumers on Facebook and Twitter (@FindLawConsumer).

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard