Toys And The Web

Why you should say 'goodbye' to Hello Barbie

Kim Komando, Special for USA TODAY
Say 'goodbye' to Hello Barbie

For five decades, Mattel's Barbie doll has been at the top of many kids' Christmas wish lists. It's also been a regular focus of controversy, often dealing with Barbie's unrealistic body dimensions. However, the controversy about the latest Barbie goes beyond her exterior to the technology inside.

If you haven't seen the commercials, the newest Barbie to invade stores is called "Hello Barbie," and she talks. Unlike talking dolls of the past, however, Barbie also listens and responds to what your child says thanks to a microphone, sophisticated electronics and a Wi-Fi connection. Just press the button on her belt and the conversation starts.

Hello Barbie uses similar technology to Apple Siri, Google Now, Microsoft Cortana and other personal digital assistants. This ability to respond to a child's conversation made it one of my 5 must-have tech gifts.

Source: Mattel

A host of security and privacy concerns have since prompted me to put this doll on the naughty list.

More from USA Today:
Voices: Why I decided to buy a handgun
Iraq's army battles for ISIL-held city Ramadi
Clinton to call for Alzheimer's cure, spending

Hello Barbie asks your kids questions to learn their likes and dislikes. Plus, kids tend to say all kinds of personal things when playing with their toys. This information, plus the actual recordings of your child's voice, is sent over the Internet for processing and stored on the servers of Mattel's partner ToyTalk.

ToyTalk's privacy policy doesn't inspire confidence, saying that the recordings can be used for data analysis and shared with third parties, though it points out these are service providers like Microsoft who help the toys with speech recognition.

Parents can use a companion smartphone app to listen to the recordings and even get a notification when new recordings are available. That lets you keep an eye on what information your child is sharing. Of course, finding out after the fact that your kid revealed something they shouldn't have isn't always going to be helpful.

In addition, as we just learned from the massive hack at high-tech toy maker VTech, toy companies don't have the same level of security as Apple, Google and Microsoft.

Security researchers have revealed flaws in the network that Hello Barbie's creators use to upload a child's recorded conversation to the cloud, where the phrases are processed using artificial intelligence, so that Barbie's response simulates an actual conversation. Security research Bluebox says the potential weakness could let hackers listen to the recordings.

Plus, given the way Hello Barbie connects to Wi-Fi, a hacker can trick the doll into connecting to a rogue hotspot. That lets a hacker hear what your child says, and possibly even send Barbie new things to say. You might end up trying to explain to your child why Barbie is swearing or making threats.

ToyTalk says it's addressed some of the security concerns and it's now offering a "bug bounty," or an award for hackers to find any other security flaws, so it can fix them. It says in all of the cases surfaced by security researchers no children's audio was accessed.

But as you can see from ToyTalk's blog post, we're getting into a pretty complicated corner of technology — maybe more than the average toy buyer is bargaining for.

If your child has Barbie on their wish list, do yourself a favor and go for an "old-fashioned" model that talks only using your child's imagination.

On the Kim Komando Show, the nation's largest weekend radio talk show, Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Kim also posts breaking tech news 24/7