Parents asked to destroy smart doll that can be used to eavesdrop on children

Posted 17 February 2017 17:00 CET by Jan Willem Aldershoff

The German regulatory office for telecommunications has asked parents to destroy the so-called ‘smart doll My Friend Cayla’ as it can leak sensitive personal data. Security researchers have found that it’s possible to use the doll’s unsecured Bluetooth connection to eavesdrop on children.

My Friend Cayla makes use of voice recognition to listen to children and can this way respond to what they say.

The manufacturer of the toy hasn’t responded to the warning of the German regulatory office. However, the distributor of the smart doll has stated to be aware of isolated cases of attacks performed by specialists and reports that the app used with the doll can be upgraded. But so far the vulnerability hasn’t been patch yet.

In Germany it’s forbidden to possess or sell eavesdropping equipment, those who violate that law can get a sentence of up to 2 years in jail.

According to reports from the Süddeutsche Zeitung and the Saarbrücken newspaper, ‘My friend Cayla’ is considered a ‘concealed transmitting device’ and therefore prohibited according to Paragraph 90 of the German Telecommunications Act.

Germany has stricter privacy laws than many other countries. That is because Germans experienced abusive surveillance by the state, both in Nazi Germany and in communist East Germany.



Kerry56
Administrator
Posted on: 17 Feb 17 18:42
At least it wasn't named Talking Tina.
2 Agree

TSJnachos117
MyCE Resident
Posted on: 19 Feb 17 04:04
German government: Destroy My Friend Cayla because it's spyware.
Me: that's surprisingly good advice.

Personally, I wouldn't bother buying "smart" toys like these. After all, it's not likely these toy manufacturers have a single cyber-security expert on staff. All they know is "kids these days like those 'smart' iPod-electro-doohickeys", so they focus their pointless gimmicks on that. The fact that they are inviting all matter of cyber-attackers doesn't occur to anyone, and neither does the fact that some of these attackers could be pedophiles looking for emotionally vulnerable targets, who will likely be the easiest to manipulate.

I also would advise against buying gadgets for "smart" homes, since they can contain just as many security vulnerabilities. I'm especially troubled by the fact that the Best Buy near me has several "smart" locks for one's front door located right in front of the entrance to the store. These locks are practically covered with signs, which have words like "convenience" plastered all over them, without any mention of cyber-security. If this trend continues, it's only a matter of time before useless TV news outlets (I'm looking at you, CBS, NBC, MSNBC, ABC, and Fox!) start scratching their heads, wondering why the number of home break-ins have increased.
1 Agree

beef barley
MyCE Resident
Posted on: 19 Feb 17 04:16
They plaster their kids faces all over the internet, now this.
0 Agree

Xercus
Moderator
Posted on: 19 Feb 17 11:16
Quote:
Originally Posted by TSJnachos117
German government: Destroy My Friend Cayla because it's spyware.
Me: that's surprisingly good advice.

Personally, I wouldn't bother buying "smart" toys like these. After all, it's not likely these toy manufacturers have a single cyber-security expert on staff. All they know is "kids these days like those 'smart' iPod-electro-doohickeys", so they focus their pointless gimmicks on that. The fact that they are inviting all matter of cyber-attackers doesn't occur to anyone, and neither does the fact that some of these attackers could be pedophiles looking for emotionally vulnerable targets, who will likely be the easiest to manipulate.

I also would advise against buying gadgets for "smart" homes, since they can contain just as many security vulnerabilities. I'm especially troubled by the fact that the Best Buy near me has several "smart" locks for one's front door located right in front of the entrance to the store. These locks are practically covered with signs, which have words like "convenience" plastered all over them, without any mention of cyber-security. If this trend continues, it's only a matter of time before useless TV news outlets (I'm looking at you, CBS, NBC, MSNBC, ABC, and Fox!) start scratching their heads, wondering why the number of home break-ins have increased.
In all due respect, the IoT companies have started to listen finally, but it is way to late. I've written before that these IDIoT (Incredibly Dangerous Internet of Things) devices are real honeypots for hackers who are hacking millions of them on full automation and use them to bring down sites on the net. It doesn't stop with dolls and door locks, but extends to your 'smart' light bulb, refrigerator, media player, TV or in other words any smart device you currently own.

To make matters worse, apart from larger IoT devices, most small devices does not support firmware update and even if they do support it, there may not be enough space to implement security as part of the update

It is especially hard to find a 'dumb' TV these days and my only advice for that is to hook up a HTPC or laptop that enables you to control security and install an open source application like KODI and turn off Wi-Fi/Ethernet for the TV... Your next TV will hopefully be better in this respect.

Quote:
Originally Posted by beef barley
They plaster their kids faces all over the internet, now this.
Yep, people don't think. that's the problem

---

It does not stop with being possible to hack through Bluetooth and the net though. A friend got a smart bulb set for Christmas and it took me exactly 2 minutes with a Wi-Fi sniffer to find the password for his Wireless as they leaked it (I had read about it prior and so it was a test. Next time I will be able to get it in 30-60 seconds - Welcome scumbags, just use my Wi-Fi and devices for your malicious activities )

A year or two down the road will hopefully see an end to this amateur hacker heaven, but currently I'm scared shitless and don't have *any* devices connected to the net, not even my phone.
0 Agree

beef barley
MyCE Resident
Posted on: 21 Feb 17 01:01
Quote:
A year or two down the road will hopefully see an end to this amateur hacker heaven, but currently I'm scared shitless and don't have *any* devices connected to the net, not even my phone.
As of the end of January my LG Shine flip was rendered obsolete because the CDMA network service that my ISP supplied was discontinued. My plan which is dirt cheap was still good, so I went in search of a dirt cheap phone. A few days before the end of the month a friend gave me a phone, because he had a few laying in a drawer and all I had to do was get a sim card, then activate. This is the long way of saying that the LG and the LG I had before it were never connected to the internet. The phone I currently have will never reach the internet, (data block.) I use a phone as a phone.
0 Agree

Reactions closed

Sorry, you can't comment on this item anymore. It's either too old or comments are disabled for this post.

Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×