Talking Barbies are ushering in a new era of mass surveillance

http://www.businessinsider.com/talking-barbies-are-ushering-in-a-new-era-of-mass-surveillance-2015-6?IR=T


5 Comments

  1. Tomi Engdahl says:

    Artificial intelligence takes over Barbie’s brain
    http://www.ibtimes.co.uk/artificial-intelligence-meets-barbie-famous-doll-wants-be-great-friends-your-child-1520145

    A prototype for Mattel’s ubiquitous Barbie doll has been developed that incorporates advanced artificial intelligence (AI) to allow it to process human speech, and even answer profound questions like: “Do you believe in God?” The new Hello Barbie, unveiled to The New York Times ahead of its November launch, will combine AI software with a microphone, WiFi and speech-recognition capabilities in order to communicate through more than 8,000 lines of pre-recorded dialogue.

    Through the speech-recognition software, key words are used to trigger certain responses from the Hello Barbie. For example, “good”, and “fantastic” would cue the doll to say phrases like: “Great, me too!” The toy is also able to remember answers − such as being told a relative has died − in order to draw upon them for future interactions or avoid such topics altogether.

    At its current level, the Hello Barbie is reportedly not sophisticated enough to pass the Turing Test − the threshold that machine intelligence can pass itself off as human intelligence. However, that’s not to say it couldn’t fool a six-year-old child.

    “It is very hard for [young children] to distinguish what is real from what is not real,”

    Privacy issues

    Mattel came under fire earlier this year after privacy advocates raised concerns about Hello Barbies recording conversations between the doll and its user and transmitting them to a ToyTalk server. The doll − dubbed Eavesdropping Barbie − sparked an online petition to withdraw the doll, garnering over 4,000 signatures.

    “If I had a young child, I would be very concerned that my child’s intimate conversations with her doll were being recorded and analysed,” Angela Campbell, from Georgetown University’s Center on Privacy and Technology, said at the time.

    “In Mattel’s demo, Barbie asks many questions that would elicit a great deal of information about a child, her interests and her family. This information could be of great value to advertisers and be used to market unfairly to children.”

    In response, Mattel released a statement that stated: “The No. 1 request we receive from girls globally is to have a conversation with Barbie, and with Hello Barbie we are making that request a reality.”

    The rise of AI toys

    Hello Barbie is arguably the most advanced iteration of artificial intelligence to be found in a children’s toy, but Mattel is not the only manufacturer to be working on integrating the technology into its toys. In 2013, UK-based Supertoy Robotics developed a cuddly toy that can listen, learn and interact with its surroundings, while evolving its capabilities through an app described as “Siri on steroids”.

  2. Tomi Engdahl says:

    “Hello Barbie” Under the Knife
    http://hackaday.com/2015/11/24/hello-barbie-records-your-children/

    In February, Google and Mattel introduced their Hello Barbie Internet-connected toy. This Barbie has an internal microphone, a WiFi connection to Google’s voice recognition services, and a speaker to carry on a “conversation” with the targeted child.

    Like the folks at Somerset Recon, we’d say that this is an Internet of Things (IoT) device that’s just begging for a teardown, and we’re totally looking forward to their next installment when they pore through the firmware.

    On the hardware front, Barbie looks exactly like what you’d expect on the inside. A Marvell 88MW300 WiFi SoC talks to a 24-bit (!) audio codec chip, and runs code from a 16Mbit flash ROM. There’s some battery management, and what totally looks like a JTAG port. There’s not much else, because all the brains are “in the cloud” as you kids say these days.

    Hello Barbie Security: Part 1 – Teardown
    http://www.somersetrecon.com/blog/2015/11/20/hello-barbie-security-part-1-teardown

  3. Tomi Engdahl says:

    Hello Barbie controversy re-ignited with insecurity claims
    Doll leaks data, even before the tear-downs are finished
    http://www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/

    Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy.

    After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy.

    That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”.

    While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account.

    From ToyTalk’s point of view – and Vulture South’s – that still looks like an unlikely scenario: is it worth staging a user-by-user attack against a child’s doll?

    However, in the wake of the weekend’s breach of toymaker VTech, the question of children’s privacy is now on a few million minds.

    Troy Hunt (of HaveIbeenpwned fame) writes about the VTech breach here, and some of his concerns regarding VTech are relevant to Hello Barbie: is it a good idea to extend children’s digital footprints to links between physical and digital assets, when they’re too young to understand notions of consent?

    The other obvious question is how long Hello Barbie’s remaining security can last.

  4. Tomi Engdahl says:

    Hackers can hijack Wi-Fi Hello Barbie to spy on your children
    http://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children

    Security researcher warns hackers could steal personal information and turn the microphone of the doll into a surveillance device

    Mattel’s latest Wi-Fi enabled Barbie doll can easily be hacked to turn it into a surveillance device for spying on children and listening into conversations without the owner’s knowledge.

    The Hello Barbie doll is billed as the world’s first “interactive doll” capable of listening to a child and responding via voice, in a similar way to Apple’s Siri, Google’s Now and Microsoft’s Cortana.

    It connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before responding with natural language responses.

    But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.

    Jakubowski told NBC: “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”

    Once Jakubowski took control of where the data was sent the snooping possibilities were apparent. The doll only listens in on a conversation when a button is pressed and the recorded audio is encrypted before being sent over the internet, but once a hacker has control of the doll the privacy features could be overridden.

    It was the ease with which the doll was compromised that was most concerning. The information stored by the doll could allow hackers to take over a home Wi-Fi network and from there gain access to other internet connected devices, steal personal information and cause other problems for the owners, potentially without their knowledge.

    With a Hello Barbie in the hands of a child and carried everywhere they and their parents go, it could be the ultimate in audio surveillance devices for miscreant hackers.

    ToyTalk’s chief executive Oren Jacob said: “An enthusiastic researcher has reported finding some device data and called that a hack.”

    Mattel, the manufacturers of Hello Barbie, did not respond to requests for comment.

    New Wi-Fi-Enabled Barbie Can Be Hacked, Researchers Say
    http://www.nbcchicago.com/investigations/WEB-10p-pkg-Surveillance-Toy_Leitner_Chicago-353434911.html#ixzz3szkhUcYi

    The world’s first interactive Barbie doll is raising concerns with privacy and security experts. NBC 5’s Investigative Reporter Tammy Leitner reports.

  5. Tomi Engdahl says:

    “Hello Barbie” Not an IoT Nightmare After All
    http://hackaday.com/2016/01/29/hello-barbie-not-an-iot-nightmare-after-all/

    Security researchers can be a grim crowd. Everything, when looked at closely enough, is insecure at some level, and this leads to a lot of pessimism in the industry. So it’s a bit of a shock to see a security report that’s filled with neither doom nor gloom.

    We’d previously covered Somerset Recon’s initial teardown of “Hello Barbie” and were waiting with bated breath for the firmware dump and some real reverse engineering. Well, it happened and basically everything looks alright (PDF report). The Somerset folks desoldered the chip, dumped the flash ROM, and when the IDA-dust settled, Mattel used firmware that’s similar to what everyone else uses to run Amazon cloud service agents, but aimed at the “toytalk.com” network instead. In short, it uses a tested and basically sound firmware.

