Destroy the spying doll!
Yes, you read that correctly. This did not come from some nutter in a tinfoil hat hiding in the woods; the call came from the German government, which has not only banned the My Friend Cayla doll but has also instructed parents to destroy the doll or switch off its wireless capabilities.
What could the government have against a doll?
This is no ordinary kids’ toy. The My Friend Cayla doll is part of the new generation of toys that have internet connectivity. The doll has a built-in speaker and microphone, and it connects to the internet to answer questions that kids ask it. Kids can also interact and play with Cayla via an app. I received the Cayla doll in October 2014, and you can see it in action here:
My Friend Cayla
So what is the threat?
Germany’s Federal Network Agency (Bundesnetzagentur) is concerned that hackers can access the doll via its unsecured Bluetooth connection and not only listen to what kids are saying but also talk back to them. The hacker just has to be within Bluetooth range, which technically means the hacker could access the doll from another apartment, a nearby room or from outside the house.
According to German law, the doll is classified as having a concealed transmitting device and, as it is banned, owning or selling the doll is illegal.
Is the threat real?
Technically the German government is right to be concerned. And it is not confined to the Cayla doll only. Today’s toys are more connected to the internet than before with apps, WiFi connectivity, and even cameras. If the manufacturer does not take steps to secure those connections then technically yes, a hacker could hack in.
Before you find your hammer and begin smashing your kid’s toys, remember that the same applies to many other connected devices that we give no thought to. If your home has a smart doorbell, smart garage opener, or a smart security camera which connects to an app on your phone, then you need to ensure that those devices are secure and that only you can access them.
The same applies to your gaming consoles, such as PlayStation, Xbox, Nintendo etc.
All these smart devices, toys, appliances are the new generation of Internet of Things (IoT). They connect to the internet. They have an IP address. This means that they need to be updated and secured.
Not the first time Cayla was targeted
Back in 2015, Ken Munro, a security researcher from Pen Test Partners, identified some vital flaws in the doll’s software which allowed him to change Cayla’s responses, making her say anything! The company issued a statement back then which said:
“The My Friend Cayla doll is designed for creative play and has numerous levels of security in place to ensure that children are safe when using the doll and the associated app.
“There is a list of banned words within the app – which includes swear words – which parents can add to manually if they wish.
“In addition to this, there is also a list of subjects (such as religion, politics and sexuality) where Cayla will encourage the child to go and ask a parent or teacher. We feel this is appropriate for the target age group and we trust that parents would prefer to have conversations with their own child around subjects such as these.
“The hacking example highlighted here is an isolated case which has been carried out on a specific, individual device by a specialist team using developer software.”
What about the My Friend Cayla doll today?
The UK Toy Retailers Association has said “it is satisfied that the product offers no special risk and there is no reason for alarm”, and the company has said that the hacking incident is isolated and requires highly technical skills, and that it is working to release an update to upgrade the doll’s connectivity security.
Let’s be honest, if you are that concerned about the home being recorded for the government, then please throw out your cell phone, tablet, smart TV and gaming consoles as these all have recording capabilities and connect to the internet.
Secure the home
I worked with Bitdefender during CES as I really liked the Bitdefender BOX for this exact reason. Note: THIS is NOT a sponsored post, but I mention the BOX as it is a system that secures your entire home network automatically regardless of what each individual product does. Therefore, adding the BOX to the home network would mean that anything unusual from any of the devices would trigger an immediate alert and you instantly know that something is wrong. You can then block/allow the activity.