Parents asked to destroy smart doll that can be used to eavesdrop on children


#1

We’ve just posted the following news: Parents asked to destroy smart doll that can be used to eavesdrop on children[newsimage]http://www.myce.com/wp-content/images_posts/2017/02/ff95f9_93f41cf48c554c34acccbeacd258f4e4-mv2-95x75.png[/newsimage]

The German regulatory office for telecommunications has asked parents to destroy the so-called ‘smart doll My Friend Cayla’ as it can leak sensitive personal data. Security researchers have found that it’s possible to use the doll’s unsecured Bluetooth connection to eavesdrop on children.

            Read the full article here: [http://www.myce.com/news/parents-asked-destroy-smart-doll-can-used-eavesdrop-children-81475/](http://www.myce.com/news/parents-asked-destroy-smart-doll-can-used-eavesdrop-children-81475/)

            Please note that the reactions from the complete site will be synched below.

#2

At least it wasn’t named Talking Tina. :eek:


#3

German government: Destroy My Friend Cayla because it’s spyware.
Me: that’s surprisingly good advice.

Personally, I wouldn’t bother buying “smart” toys like these. After all, it’s not likely these toy manufacturers have a single cyber-security expert on staff. All they know is “kids these days like those ‘smart’ iPod-electro-doohickeys”, so they focus their pointless gimmicks on that. The fact that they are inviting all matter of cyber-attackers doesn’t occur to anyone, and neither does the fact that some of these attackers could be pedophiles looking for emotionally vulnerable targets, who will likely be the easiest to manipulate.

I also would advise against buying gadgets for “smart” homes, since they can contain just as many security vulnerabilities. I’m especially troubled by the fact that the Best Buy near me has several “smart” locks for one’s front door located right in front of the entrance to the store. These locks are practically covered with signs, which have words like “convenience” plastered all over them, without any mention of cyber-security. If this trend continues, it’s only a matter of time before useless TV news outlets (I’m looking at you, CBS, NBC, MSNBC, ABC, and Fox!) start scratching their heads, wondering why the number of home break-ins have increased.


#4

They plaster their kids faces all over the internet, now this.


#5

[QUOTE=TSJnachos117;2788568]German government: Destroy My Friend Cayla because it’s spyware.
Me: that’s surprisingly good advice.

Personally, I wouldn’t bother buying “smart” toys like these. After all, it’s not likely these toy manufacturers have a single cyber-security expert on staff. All they know is “kids these days like those ‘smart’ iPod-electro-doohickeys”, so they focus their pointless gimmicks on that. The fact that they are inviting all matter of cyber-attackers doesn’t occur to anyone, and neither does the fact that some of these attackers could be pedophiles looking for emotionally vulnerable targets, who will likely be the easiest to manipulate.

I also would advise against buying gadgets for “smart” homes, since they can contain just as many security vulnerabilities. I’m especially troubled by the fact that the Best Buy near me has several “smart” locks for one’s front door located right in front of the entrance to the store. These locks are practically covered with signs, which have words like “convenience” plastered all over them, without any mention of cyber-security. If this trend continues, it’s only a matter of time before useless TV news outlets (I’m looking at you, CBS, NBC, MSNBC, ABC, and Fox!) start scratching their heads, wondering why the number of home break-ins have increased.[/QUOTE]

In all due respect, the IoT companies have started to listen finally, but it is way to late. I’ve written before that these IDIoT (Incredibly Dangerous Internet of Things) devices are real honeypots for hackers who are hacking millions of them on full automation and use them to bring down sites on the net. It doesn’t stop with dolls and door locks, but extends to your ‘smart’ light bulb, refrigerator, media player, TV or in other words any smart device you currently own.

To make matters worse, apart from larger IoT devices, most small devices does not support firmware update and even if they do support it, there may not be enough space to implement security as part of the update

It is especially hard to find a ‘dumb’ TV these days and my only advice for that is to hook up a HTPC or laptop that enables you to control security and install an open source application like KODI and turn off Wi-Fi/Ethernet for the TV… Your next TV will hopefully be better in this respect.

[QUOTE=beef barley;2788570]They plaster their kids faces all over the internet, now this.[/QUOTE]

Yep, people don’t think. that’s the problem :rolleyes:


It does not stop with being possible to hack through Bluetooth and the net though. A friend got a smart bulb set for Christmas and it took me exactly 2 minutes with a Wi-Fi sniffer to find the password for his Wireless as they leaked it (I had read about it prior and so it was a test. Next time I will be able to get it in 30-60 seconds - Welcome scumbags, just use my Wi-Fi and devices for your malicious activities :eek:)

A year or two down the road will hopefully see an end to this amateur hacker heaven, but currently I’m scared shitless and don’t have any devices connected to the net, not even my phone.


#6

Personally, I find “smart” toys particularly dangerous (more so than other “smart” devices), since we all know how little money manufacturers spend on toys (I presume they pay the child labors around $0.20/month). I find it unlikely that these manufacturers are going to want to invest in firmware updates in the future, especially if they only planned to manufacture the toy for a short time. So, even if the device does support updates and has plenty of room for security enhancements, I don’t think toy manufacturers will want to pay money for extra security updates.


#7

I agree, there’s no apparent ‘gain’ in showing responsibility for what you screwed up, maybe apart from respect and the good feeling that you made up for it (you can probably imagine how long such a thought will last in the corporate sphere of today) - sadly, there will be consumers using their vulnerable device(s) until they stop working :rolleyes: