While Internet-connected toys are particularly appealing to a generation of tech-obsessed kids, security experts warn against the potential dangers of some of these flashy gadgets, such as the Bluetooth-enabled “My Friend Cayla” doll, which uses speech recognition technology to recognize a child’s speech and hold a conversation.
In February, Germany’s telecommunications watchdog, the Federal Network Agency, called the doll an “illegal espionage apparatus” and told parents to immediately destroy it.
The doll, which is manufactured by the U.S. company Genesis Toys, violated the country’s regulation of wireless devices with hidden cameras or microphones. Hackers could easily access the doll via Bluetooth, listen in on conversations and even directly hold a conversation with the child playing with it, the Guardian reported.
The number of internet-connected toys has grown rapidly in recent years. But in common with much of the so-called “Internet of Things”, cyber-security has been left rushing to catch up.
A leading cyber-security expert, Professor Bill Buchanan of Edinburgh Napier University said parents must become much more tech savvy to stop hackers turning toys against their children.
Buchanan studies threat analysis, cryptography and digital forensics. He also hacks internet-connected toys to highlight the possible pitfalls.
Prof Buchanan said: “We are part of the internet and we need to understand the risks that we face.”
To illustrate the problem, Prof Buchanan is talking to Trent the teddy bear. Trent is brown and cuddly and has a little red heart on his chest which indicates that a message has arrived.
Buchanan could hack the system of the teddy and one has to be only within a range of the bear to do it.
A few taps of the keyboard and some specially-written code is running. A browser interface gives him control of how fast Trent’s heart beats and – crucially – the ability to slot his own audio message into Trent’s circuitry.
Cloudpets, the maker of the Trent, said they are always improving their products to combat new vulnerabilities.
In 2015, when Mattel rolled out its Wi-Fi enabled talking “Hello Barbie” doll, it was proven to be easily hackable. And in Norway, a consumer watchdog council said some smartwatches designed for children are vulnerable to hackers, according to Wired.com.