Hackable ‘Hello Barbie’ the Worst Toy of the Year (and Maybe Ever)

She’s not just creepy. ‘Hello Barbie’ threatens children’s security.

12.10.15 6:00 AM ET

Every year the Toy Industry Association crowns the best toy of the year—the TOTY. And every year the Campaign for a Commercial-Free Childhood (CCFC) crowns the opposite—the TOADY.

An acronym for Toys Oppressive And Destructive to Young children, the TOADY is bestowed on the toy that the CCFC finds the most deplorable. This year, members of the organization had a chance to vote on six different “terrible toys,” ranging from a “girly” nerf gun to a drone.

With a whopping 57 percent of the vote, the winner was a blue-eyed, blond-haired doll with a slim waist and a computer-generated voice: Hello Barbie.

“In a year full of jaw-droppingly bad toys, Hello Barbie deserves the TOADY as worst of the worst,” CCFC Executive Director Josh Golin told Consumerist. “It’s the perfect storm of a terrible toy, and threatens children’s privacy, wellbeing, and creativity.”

Founder of CCFC Susan Linn was even more candid: “It’s creepy and creates a host of dangers for children and families.”

The award falls on the heels of a lawsuit filed Monday by two California moms, Ashley Archer-Hayes and Charity Johnson, who allege that the toy violates children’s privacy. Along with Mattel, the complaint implicates ToyTalk and Samet Privacy—the companies responsible for the toy’s voice recognition and safety certification.

Released this year, the toy uses Wi-Fi to record what a child says and then stores it in a cloud. With an interactive element, the doll is able to talk back to the owner, and even answer questions—a plastic pink-lipped Siri, of sorts. The problem, both CCFC and the lawsuit state, is that there aren’t enough protections in place to be sure that the voice coming from Barbie is that of the actual toy and not a predator who has hacked it.

Michael Kelly, the attorney representing Archer-Hayes and Johnson, said that “fake hacks” of the toy, by safety experts, suggest that gaining access to the toy is not only possible, but easy.

“It’s interactive, so if someone hacks into the server they could technically take over and ask questions like ‘Where do you live?’ or ‘Is anybody home?’” Kelly tells The Daily Beast. “You’re not dealing with competent adults, you’re dealing with vulnerable little kids.”

While purchasers are aware that the toy records their child’s voice—and must create an account in which they agree to this—Archer-Hayes and Johnson’s lawsuit argues that the model fails to warn other kids (or their parents) of the same. “If the kid takes the doll to a party, everybody else is being recorded and has no idea that’s happening,” says Kelly. “So the doll becomes an open mic—well, worse than an open mic.”

The specific incident mentioned in the lawsuit is a Barbie-themed birthday in which Archer-Hayes’s daughter brought her Hello Barbie. After the party Archer-Hayes realized the Barbie had recorded not just her daughter’s voice, but the other girls (including Johnson’s daughter) too. Based on this experience, the two say thousands of kids may have been unknowingly recorded by now.

Introduced at a toy show in February, Hello Barbie was met instantly met with a chorus of criticism. Weeks after its introduction, more than 45,000 had signed a petition asking Mattel not to release the toy. When it did hit the market this fall, CCFC launched a campaign titled #HellnoBarbie to raise awareness about the dangers of the toy.

Get The Beast In Your Inbox!
By clicking "Subscribe," you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

In a statement to The Daily Beast, ToyTalk defended the validity of the toy’s program. "Hello Barbie is certified as-COPPA compliant by kidSAFE, a children's privacy certification program approved by the U.S. Federal Trade Commission. Because the claim is pending, we have no further comment at this time.”

In November, the company told NBC that safety was pivotal: "We are extremely concerned with the privacy, security, and safety of the kids’ data.”

Mattel and Samet Privacy did not return The Daily Beast’s request for comment.

The runner-up to Hello Barbie in the TOADY competition was a book series called “Brands We Know,” each of which profiles a major brand like Coca-Cola or Target. Parents deemed the books “blatant consumerism” and a “shameful exploitation” of kids’ inability to distinguish between stories and sponsored content.

A potentially problematic concept to be sure, but not one that potentially threatens the safety of the kids using it. Among damages for invasion of privacy and other claims, the plaintiffs are asking that Mattel come up with a safer model—such as a Barbie that deletes the recordings of anyone other than the kid that owns it.

Kelly, for one, hopes that parents take the case seriously. “It’s not some sort of frivolous suit over a toy,” he says. “It’s a real concern.” Kelly says the timing of the lawsuit, just weeks before the biggest consumer holiday of the year, is coincidence.

Either way, it’s a good time to remind a country infatuated with “the next big thing” that just because a present is high-tech doesn’t mean it’s necessarily flawless—or safe.