Are web-enabled toys safe?

Andrea Stroppa
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


Today, more and more toys are connected to the internet, from smart dolls to radio-controlled cars and learning games. These toys, games and apps end up in the hands of young children who are quickly getting used to playing with sensors, cameras and microphones. This is a natural extension of long-existing electronic toys, and it is probably best explained through the evolution of the famous Barbie doll.

First launched in the US in March 1959, Barbie went through many changes to her appearance, clothes and accessories, eventually becoming a cultural icon (controversies included). Today, “Hello Barbie” is a sophisticated toy able to have a live conversation using voice recognition technology, to connect to the internet and store its data via cloud technology. But when a doll can actually speak through a child’s imagination or give correct answers thanks to an algorithm, we are facing a much bigger issue.

High-tech companies are investing heavily in net-connected toys: they can profile children’s behaviour and collect a variety of data about their use, such as daily, weekly or monthly stats and most preferred actions. While this data allows companies to create toys more in line with children’s needs and enjoyment, it also fuels R&D projects aimed at further improving algorithms and interactive functions.

Parents are still divided on the consequences of these advancements, but some companies promise them a better experience, particularly when it comes to educating their children. And some toys already provide parental control options, including game monitoring, feature blocking and a general analytics system.

However, there are reasons for both parents and companies to be concerned. Electronic toy-maker VTech admitted to a breach by an “ethical hacker” that hit 6.3 million children, stealing their names, home addresses, pictures and chat logs. So far no data has been publicly disclosed, but the attacker warned the Hong Kong toy-maker to quickly fix its security flaws.

Also, while privacy advocates already warned that Hello Barbie could pose risks (recordings are sent over the internet and stored in the cloud), security researchers have exposed several flaws that could have allowed hackers to spy on children’s conversations with the doll. And this new report comes on the heels of similar but separate independent findings on how hackers could exploit Hello Barbie.

These development can’t be ignored: For toy companies to successfully embrace the “internet of toys”, they must deploy any necessary security standard, such as system assessments, penetration tests, cryptography and transparent policies. Parents also have a crucial role to play: it is up to them to make sure these toys protect their children’s privacy and personal data – well beyond “old-fashioned” basic safety features.

It would perhaps be useful for toy manufacturers and the authorities to get together and share best practices to define privacy and security standards that are satisfactory and ethical for all. It will almost certainly take some time to properly sort out this new technological challenge, and for many it could entail a broader reconsideration about Christmas gifts. Should we be giving our children a smart doll or a superhero connected to the internet, or would we be better waiting for more secure and safe cyber-toys?

Author: Andrea Stroppa writes about security and technology for the World Economic Forum.

Image: A girl looks at Barbie dolls during a Barbie exhibition in Zagreb May 15, 2012. REUTERS/Antonio Bronic

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

3 trends set to drive cyberattacks and ransomware in 2024

Scott Sayce

February 22, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum