Have you ever seen “CSI:Cyber”? It was a drama about catching cybercriminals. There was one episode where a doll named Marla was hacked. The doll told the little girl who owned her to leave a window unlocked and later that evening a thief entered her home.
Hacked toys like Marla aren’t just the subject of fictitious TV shows. This past Christmas season we warned you about My Friend Cayla, a doll that can record your child’s voice, and if hacked, can allow a predator to eavesdrop on your child. Since then, the concern over Cayla dolls has grown.
Germany has banned the My Friend Cayla doll and is urging parents to destroy the doll if their child already owns one. If the doll is hacked, a criminal can do more than just listen to children. Their fear is that criminals can collect your personal information.
Like Amazon devices enabled with Alexa, My Friend Cayla has a microphone and accesses the internet to answer your child’s questions. According to David Emm, a principal security researcher at a cyber security and anti-virus firm, Cayla also asks your child questions that can put your security at risk. He told the Daily Mail that she can ask your child what her name is, what school she goes to, and what town she lives in.
The difference between Alexa and Cayla seems to be hack-ability. After examining the toy, researcher Stefan Hessel reported his findings to a German website.
“In a test, I was able to hack the toy even through several walls. It lacks any security features.”
He told Germany’s Federal Network Agency that hackers could use the doll to talk to children (just like Marla).
Note: My Friend Cayla isn’t the only smart toy you should be concerned about. A couple months ago the United States Senate Committee on Commerce, Science, and Transportation released a report that detailed the risks of several other smart toys.
Despite Germany’s concern, the United Kingdom doesn’t seem to be as worried. Sky News reported that the U.K. Toy Retailers Association said they’re “satisfied that this product offers no special risk and there is no reason for alarm.” The toy’s distributor, Vivid Imaginations, told the association that the reports from Germany contain “factual inaccuracies” and that the toy is safe to use if its instructions are being followed.
If your child does own a smart toy like My Friend Cayla (or another toy with access to the internet), the United States Senate Committee on Commerce, Science, and Transportation said these are some things to keep in mind:
- Be aware of what information is collected, whether or not it will be shared, and how long it’s kept by the company.
- Research whether or not the toymaker has been a victim of data breaches in the past. If so, how was it handled?
- Change the toy’s default passwords and privacy settings. Only allow the toy to collect the information necessary for the toy to run properly.