The FBI say, many toys sporting cloud-backed features such as speech recognition or online content hosting “could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.
“Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use,” the FBI warns. “Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.”
This comes after a number of kids’ toys were found to be indirectly spying on kids by collecting and storing data, including audio conversations and personal information, without parents’ knowledge.
Germany’s Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys’ Cayla doll as an illegal surveillance device.
If you own a stuffed animal from Cloud Pets, you need to change your password to the product. The toys — which can receive and send voice messages from children and parents — have been involved in a data breach dealing with more than 800,000 user accounts.
The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. However, the company behind the products, Spiral Toys, is denying that any customers were hacked.
Hackers appear to have accessed an exposed CloudPets’ database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January.
CloudPets, the brand allegedly made the mistake of storing the customer information in a publicly exposed online MongoDB database that required no authentication to access. That allowed anyone, including hackers, to view and steal the data.
Unveiled by the Tonner Doll Company will makes its first debut at this week’s New York Toy Fair. The doll is modeled on a teenage activist who was born a boy, but lives as a female. Jazz Jennings shot to fame when she was interviewed about her gender dysphoria by US TV presenter Barbara Walters.
Jazz Jennings__ wrote: “I love her. A portion of my proceeds will be donated to help trans youth who are struggling.
The Wi-Fi-connected My Friend Cayla doll could be used by hackers to spy on children, so has been banned in Germany with parents advised to destroy the to ( Genesis )
A German watchdog is warning parents about the possible breach of their child’s privacy for those who play with the Wi-Fi-connected smart doll, My Friend Cayla.
They advise parents to destroy the doll
The Federal Network Agency, an official telecommunications watchdog in Germany known as Bundesnetzagentur, issued a warning on Friday about the smart doll, revealing that hackers can listen in and even talk to the child through the toy’s insecure Bluetooth connection.
The Cayla doll has been removed from the market and banned, marked as an illegal “concealed transmitting espionage device.” The doll had to be pulled from shelves because according to German law, it is illegal to sell a banned surveillance device.
The same law says also makes it illegal to possess a surveillance device, with those breaking this law risking serving up to two years in jail.
But households who purchased the doll won’t be penalized for having the now illegal device. Instead, the German watchdog is advising parents to destroy it.
Manufactured by Genesis Toys, My Friend Cayla is the interactive toy that can talk and play games with the child. The Wi-Fi-enabled doll connects to the Internet via Bluetooth to be able to answer question asked by the child, responding via microphone.
Norwegian consumer council Forbrukerrådet, says some high-tech toys created by U.S.-based manufacturer Genesis Toys are hazardous to children’s privacy and warranted a complaint to the Federal Trade Commission and the European Union.
The toys in question are My Friend Cayla and i-Que, they both have— a smartphone app that allows kids to talk to their toy and have it respond to what they say. Even though it appears that all communication stays between the app and the product, it actually gets sent to a remote server in the United States, without asking for the user’s permission first.
Parents setting up the product aren’t informed that their kids’ voices are sent to a server called Nuance, which is then free to use the recordings. According to Nuance’s Terms of Service, the data can be used for advertising and marketing and shared to third parties.