German parents urged to destroy data-collecting toy doll

Attackers can even abuse doll to talk to whoever’s playing with it.

German parents urged to destroy data-collecting toy doll

A German privacy watchdog is urging parents to destroy My Friend Cayla, a doll which has a knack for collecting private information about its owner.

Germany's Federal Network Agency, which is known as "Bundesnetzagentur," issued the warning after a student named Stefan Hessel raised the alarm about Cayla and her devious ways.

Hessel, who studies at the University of Saarland, says Cayla's speaker and microphone system are vulnerable to external attacks. As he told the German website Netzpolitik.org (and rendered in English by Google Translate):

"There are decisive reasons for the fact that the doll is a prohibited broadcasting system in the sense of § 90 Telecommunications Act. Each bluetooth capable device within a range of about ten meters can connect to it and use speakers and microphone. In an attempt I had access to the doll over several walls. There is no built-in fuse."

The notion that Cayla can function as an eavesdropper from several rooms away - or even allow others to talk to whoever's playing with it - is just the latest issue to plague this doll. Let's not forget the Electronic Privacy Information Center (EPIC) filed a complaint against Cayla and i-Que Intelligent Robot, another toy made by a Los Angeles manufacturer called Genesis, for their ability to "record and collect the private conversations of young children without any limitations on collection, use, or disclosure of this personal information."

Analysis performed on Cayla, i-Que, and Hello Barbie, another dolly with serious privacy flaws, found that the toys send their conversations with children to a speech recognition company. These toys also have the ability to share "personal data" with "vendors, consultants, and other service providers." But none of the toys' terms specify the types of information of which that data can consist.

Genesis Toys has yet to comment on the warning issued by Germany's official watchdog. I'm sure it's not jumping at the bit to do so. But if it hopes to repair customer relations with concerned parents, it better say something soon.

In the meantime, parents everywhere should consider not purchasing My Friend Cayla. If their children already own one, they should tell them Cayla is moving to a different country and then think of creative ways to destroy her, like running her over with a car. Be innovative, but please be safe in whichever method you choose.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Tim Berghoff

    February 20, 2017 at 2:31 pm #

    (Full disclosure first: I do not have any children).
    Personally, I think this is absolutely a move in the right direction.

    There's an interesting facet here, though:
    To me, the shoddy security implementation comes across as just a side note and does not appear to be relevant in the context of the legal opinion by Mr Hessel. Neither is the way any collected data is processed by the manufacturers (he only speaks of "questionable privacy terms") in his introduction.

    German legislation considers any device which

    1.records and transmits spoken words in a non-public space to a recipient who is out of earshot without the speaker's knowledge or consent , and,
    2. is concealed as or by another item

    to be a "concealed eavesdropping/transmitting device". That renders it illegal to import, distribute, purchase or own under the Telecommunications Act.

    If I understand the source material right, the fact that the eavesdropping capabilities are concealed is really the linchpin of this decision.
    The legal definition appears to be primarily interested in what a device is capable of doing, regardless of what it was designed or advertised to do.

    Hessel also sort of gives Genesis the benefit of doubt by assuming that this broad spectrum of abuse possibilities for the purpose of surveillance may not have been what they had in mind when they designed the doll. It is not clear at any point that the device may be listening in, as the LED indicator in the doll's necklace does not work in all configurations and can also be disabled. This is another factor which places the doll in the "spying tools" corner. Parents needn't worry, though: the Bundesnetzagentur currently has no plans to bring forth charges against any owners of the device. They point out that any decision whether or not to bring forth a charge on this would be the responsibility of law enforcement. No records of buyers have been requested at this point.

    Long story short:
    If toy designers make products which are capable of the above, they need to tread very carefully. At least under German law, putting a big warning label on such a device is not considered sufficient to make it legal.

Leave a Reply