27 Nov 2015

Barbie's new web-connected doll can be hacked

10:50 am on 27 November 2015

It could be one of the hottest tickets for young girls this Christmas - the newest version of Mattel's Barbie doll is a Wi-Fi-enabled automaton that can conduct conversations with its owner.

Barbie

Photo: 123RF

But now a US cyber security consultant has discovered hackers could take control of the doll, use it as a surveillance device, conduct unauthorised conversations with children and even use it to hack into other devices on home Wi-Fi networks.

The doll connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before the doll responds to the child.

The consultant that hacked the doll, Matt Jakubowski, discovered that when connected to Wi-Fi the doll was vulnerable.

David Murphy, a Silicon Valley-based writer for PC Magazine, told Morning Report parents were probably unaware of the risk and the doll was basically akin to a smartphone.

"In this case a researcher got a hold of the doll, got physical access to the doll and in doing so managed to dump out its contents system, information about the doll, Wi-Fi networks and passwords IDs to log into Matell's cloud-based account."

He said this gave access to a child's conversations with the doll.

"I think a lot of parents are going to say, 'oh that's pretty awesome, my kid loves this thing', and not really realise the security implications of the fact that at some point somebody could have a recording of what your kid is saying."

He said as soon as Mattel announced the doll earlier this year the "community" was wondering how soon it would be until the doll was was hacked.