The German regulatory office for telecommunications has asked parents to destroy the so-called ‘smart doll My Friend Cayla’ as it can leak sensitive personal data. Security researchers have found that it’s possible to use the doll’s unsecured Bluetooth connection to eavesdrop on children.
My Friend Cayla makes use of voice recognition to listen to children and can this way respond to what they say.
The manufacturer of the toy hasn’t responded to the warning of the German regulatory office. However, the distributor of the smart doll has stated to be aware of isolated cases of attacks performed by specialists and reports that the app used with the doll can be upgraded. But so far the vulnerability hasn’t been patch yet.
In Germany it’s forbidden to possess or sell eavesdropping equipment, those who violate that law can get a sentence of up to 2 years in jail.
According to reports from the Süddeutsche Zeitung and the Saarbrücken newspaper, ‘My friend Cayla’ is considered a ‘concealed transmitting device’ and therefore prohibited according to Paragraph 90 of the German Telecommunications Act.
Germany has stricter privacy laws than many other countries. That is because Germans experienced abusive surveillance by the state, both in Nazi Germany and in communist East Germany.