Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Germany Bans Internet-connected ‘Spy’ Doll Cayla

German regulators have banned an internet-connected doll called “My Friend Cayla” that can chat with children, warning Friday that it was a de facto “spying device”.

Parents were urged to disable the interactive toy by the Federal Network Agency which enforces bans on surveillance devices.

German regulators have banned an internet-connected doll called “My Friend Cayla” that can chat with children, warning Friday that it was a de facto “spying device”.

Parents were urged to disable the interactive toy by the Federal Network Agency which enforces bans on surveillance devices.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy,” said the agency’s head, Jochen Homann.

“This applies in particular to children’s toys. The Cayla doll has been banned in Germany. This is also to protect the most vulnerable in our society.”

The doll works by sending a child’s audio question wirelessly to an app on a digital device, which translates it into text and searches the internet for an answer, then sends back a response that is voiced by the doll.

The German regulators in a statement warned that anything a child says, or other people’s conversations, could be recorded and transmitted without parents’ knowledge.

“A company could also use the toy to advertise directly to the child or the parents,” it said.

“Moreover, if the manufacturer has not adequately protected the wireless connection, the toy can be used by anyone in the vicinity to listen in on conversations undetected.”

Genesis Toys, which manufactures the doll, says on its website that it “is committed to protecting your and your family’s personal information.

“Our objective is to ensure that our products and services are safe and enjoyable for our customers”.

It also says Cayla “is programmed to not utter, display or say words or images that would be inappropriate for children to see or hear”.

The company regularly reviews “encryption and physical security measures” to guard against unauthorized access to customers’ personal information.

But it warns on its website that “unfortunately no method of transmission over the Internet, or method of electronic storage, is 100 percent secure”.

The regulation agency added that it would “inspect other interactive toys and, if necessary, will take further action”.

The European Consumer Organization said it welcomed the decision but criticized the fact consumers would struggle to get compensation.

Its head Monique Goyens said that “if connected toys, such as this speaking doll, can be hacked to spy on or talk to children, they must be banned.”

She added that “EU product laws need to catch up with digital developments to deal with threats such as hacking, data fraud or spying”.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...