One of the hot toys this holiday season is sure to be Orwellian Dystopia Barbie—sorry, we mean Hello Barbie. The $75 Internet-connected doll uses an app to record kids and talk back to them. But Slate reports hackers can turn the Hello Barbie's Wi-Fi connection into "spying hardware" and—like other Internet-ready toys—use it to collect "an astonishing" amount of personal data. Researchers from security firm Bluebox announced Friday that hackers could bypass Hello Barbie's safety controls to access recordings of children talking to the doll, according to CNET. One big problem is the use of "outmoded encryption technology," reports Gizmodo. Last week, a different researcher found hackers could possibly use Hello Barbie to find the home addresses of its owners.
"Such security concerns could give parents second thoughts about buying the Internet-connected toys on their children's holiday wish lists," observes CNET. "The timing is especially critical for Hello Barbie, which was released last month just in time for the holiday shopping season." Slate says the makers of most toys with Internet connections either don't know how to protect users' privacy or don't care to try. But Mattel and ToyTalk—the makers of Hello Barbie—tell CNET they had a cybersecurity company review the doll before it was released and are continuing to upgrade its security features. "Security has been a major focus throughout the entire process, and I think we've done a very good job of it," one executive says. "I'm very proud of the [doll]." (A new Barbie commercial features a milestone of sorts.)