Sunday February 19, 2017

Germany Bans Doll over Hacking Fears and Data Collection

Parents are being urged to return their "My Friend Cayla" dolls, as they are being regarded as "espionage devices" that record and (insecurely) send data back to their base of operations. While the company mentions that the recordings may be sent to third-party companies for targeted advertising, I don’t think they intended for the doll to be easily hacked: you could even make one "spew curse words and scare kids." Norway made the awesome video below to detail the problem, but they haven’t banned the product yet like Germany has.

آ…Cayla dolls were designed to pick up children questions, send them to an app on the parent's device, which translated the audio to text and searched for an answer online. According to German authorities, some of these conversations made their way further, as the app forwarded the audio recordings to the doll's vendor. The toy's terms and conditions state that the vendor uses these conversations to improve service, but also to share the audio recordings with third-party companies that can use it for targeted advertising. Furthermore, the toy itself has been hacked by security researchers, who showed that the communications between the Cayla doll and the parent's app were not sufficiently protected, allowing an attacker to intercept audio recordings, or relay custom audio to the toy, possibly scaring the child.