Two toys have recently came under fire, one from privacy experts and one from security experts, after details emerged about the way the toys connected to the internet and the vulnerability this introduces with the potential for exploitation.
Privacy experts claimed that the Mattel doll ‘Hello Barbie’ raises serious privacy concerns for children with some experts labelling the toy as ‘creepy’.
Meanwhile safety experts highlighted vulnerabilities in the Cayla doll by Vivid Toys that allows it to be hacked by third parties.
The vulnerability in the Cayla doll was discovered by Ken Munro (Security Researcher at Pen Test Partners), which if exploited will give hackers the ability to make the doll say anything they want it to say.
The Cayla doll is an Internet connected talking doll that uses speech recognition and Google translate technology to communicate with the child.
The necklace on the doll contains a listening device, which listens to the child and transmit the captured data to an app installed on an Android or iOS device that is connected to the doll via Bluetooth.
The app then translates what the child has said and converts the audio into text, then identifies the key words used and searches the Internet for a suitable response.
Ken Munro has not released details of how he managed the hack, but showed the BBC the hack in action, and advised the manufacturer to add a unique pin number on the back of each doll as a security measure, and advised parents to ensue all their software is up-to-date and that the doll is switched off, when not in use.
Vivid Toys have responded saying that this is an isolated case and that they have immediately released a patch and upgraded the software, but with a vulnerability known, it will certainly encourage some hackers to seek new exploits.
Meanwhile the Hello Barbie has been heavily criticised by Child Privacy groups as it is equipped with a microphone and Internet connectivity, with the groups concerned that it can be used to spy on children.
The doll asks questions to children, records the answers, and sends this information back to Mattel serves where it is stored and processed by an algorithm to improve speech recognition and responses.
Susan Linn, the executive director of the Campaign for a Commercial-Free Childhood stated “Kids talking to Hello Barbie aren’t just talking to a doll, they’re talking to Mattel….a multinational corporation whose only interest in them is financial”
Parents can access the audio recordings online, which has also raised concerns about hacking and spying.
Mattel has responded stating “Mattel is committed to safety and security, and Hello Barbie conforms to applicable government standards”
Susan Linn said in a statement “It’s creepy and creates a host of dangers for children and families. Children confide in their dolls. When children have conversations with dolls and stuffed animals, they’re playing, and they reveal a lot about themselves”
The not-for-profit Campaign for a Commercial-Free Childhood are currently asking Mattel to scrap their toy amidst the privacy concerns.