Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Germany Bans Internet-connected ‘Spy’ Doll Cayla

German regulators have banned an internet-connected doll called “My Friend Cayla” that can chat with children, warning Friday that it was a de facto “spying device”.

Parents were urged to disable the interactive toy by the Federal Network Agency which enforces bans on surveillance devices.

German regulators have banned an internet-connected doll called “My Friend Cayla” that can chat with children, warning Friday that it was a de facto “spying device”.

Parents were urged to disable the interactive toy by the Federal Network Agency which enforces bans on surveillance devices.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy,” said the agency’s head, Jochen Homann.

“This applies in particular to children’s toys. The Cayla doll has been banned in Germany. This is also to protect the most vulnerable in our society.”

The doll works by sending a child’s audio question wirelessly to an app on a digital device, which translates it into text and searches the internet for an answer, then sends back a response that is voiced by the doll.

The German regulators in a statement warned that anything a child says, or other people’s conversations, could be recorded and transmitted without parents’ knowledge.

“A company could also use the toy to advertise directly to the child or the parents,” it said.

“Moreover, if the manufacturer has not adequately protected the wireless connection, the toy can be used by anyone in the vicinity to listen in on conversations undetected.”

Advertisement. Scroll to continue reading.

Genesis Toys, which manufactures the doll, says on its website that it “is committed to protecting your and your family’s personal information.

“Our objective is to ensure that our products and services are safe and enjoyable for our customers”.

It also says Cayla “is programmed to not utter, display or say words or images that would be inappropriate for children to see or hear”.

The company regularly reviews “encryption and physical security measures” to guard against unauthorized access to customers’ personal information.

But it warns on its website that “unfortunately no method of transmission over the Internet, or method of electronic storage, is 100 percent secure”.

The regulation agency added that it would “inspect other interactive toys and, if necessary, will take further action”.

The European Consumer Organization said it welcomed the decision but criticized the fact consumers would struggle to get compensation.

Its head Monique Goyens said that “if connected toys, such as this speaking doll, can be hacked to spy on or talk to children, they must be banned.”

She added that “EU product laws need to catch up with digital developments to deal with threats such as hacking, data fraud or spying”.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.