A new high-tech version of the Barbie doll is raising concerns among parents and privacy groups.
“Hello Barbie” not only talks, she also listens and responds using advanced speech-recognition software.
But the NBC4 I-Team found out this doll doesn't just talk back -- she remembers what children say.
"Hello Barbie" is the world's first artificial intelligence-enabled version of the popular doll. By pressing a button on Barbie's belt, a child can "speak" with Barbie, and hear tailored replies from the doll in return – sort of like “Siri” for kids.
The technology was developed for Mattel by “Toy Talk,” a San Francisco software company. It allows the doll to connect with a Wi-Fi network via a free mobile app that parents can load on their smartphones.
When a child talks to “Hello Barbie,” the raw audio is sent instantly to Toy Talk’s servers, which use software to determine and generate the doll’s appropriate reply, which is played through a speaker embedded in the toy.
But critics fear using the doll could put a family's privacy and security at risk.
"Technology opens Pandora's boxes, and in this case it comes in the shape of a Barbie," said Pam Dixon, executive director of World Privacy Forum.
Every word a child says to the doll after pressing the activation button is stored on servers for two years after the recording is made, Toy Talk confirmed to the I-Team. Parents can access the audio, and so can Toy Talk.
Others may also have access to the voice recordings. Toy Talk told the I-Team that it shares some of the audio with unidentified "vendors," adding that it is "for the sole purpose of improving speech recognition."
"When you think about it, it's a little creepy because they're minors, they're children," said Olga Damascus, a Bell Canyon mom whose daughter enjoys playing with dolls.
Parents are required to consent to the arrangement. Toy Talk said "all recordings are deleted if the parents closes" the account associated with the doll.
"If a child is going to tell a Barbie his or her secrets, then the child should know that it's like writing into a diary that's published somewhere," said Dixon. "The information that a child told in secret to their doll can become a matter of public record in, for example, thorny and difficult custody cases."
The doll's connectivity raised another concern about security.
"We discovered that when you're setting up the doll, the doll actually sets up its own wireless access point called 'Barbie' with some numbers at the end of it," said Andrew Blaich, a security researcher with San Francisco’s Bluebox.com. "What we found from that is that the app is just scanning for any network with the name Barbie in it. If an attacker is nearby and is making its own network with the name 'Barbie,' you can force the app to connect to the other network."
The connection could allow an attacker to access private information on a parent's phone, Blaich said. Bluebox.com provided its findings to Toy Talk, which quickly responded by updating its software to strengthen security.
Two California mothers have filed a lawsuit against Mattel and Toy Talk, alleging that "Hello Barbie" invaded their children's privacy. Mattel and Toy Talk have not commented on the lawsuit, but Mattel issued a statement to the I-Team on behalf of both companies.
Full Mattel Statement: "As a leader in the toy industry for more than 70 years, Mattel is committed to safety and security when bringing new products to market. Mattel and ToyTalk have taken numerous steps to ensure Hello Barbie meets security and safety protocol.
"Reports have claimed that Hello Barbie has been 'hacked.' It is important to note that in all claims we know about, no children's audio files were accessed, no passwords were compromised, no personal information was disclosed and no dolls were made to say anything unintended. Mattel and ToyTalk built in many privacy and security measures and are committed to providing the safest possible experience for parents and their children."