Spiral Toys -- a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 -- makes a line of toys called "Cloudpets," that use an app to allow parents and children to exchange voice-messages with one another. They exposed a database of millions of these messages, along with sensitive private information about children and parents, for years, without even the most basic password protections -- and as the company imploded, they ignored both security researchers and blackmailers who repeatedly contacted them to let them know that all this data was being stolen. Read the rest
It's called Cayla, it's about a foot tall, and it can be used to listen to and talk to the child playing with it. But who is doing the listening? Anyone in Bluetooth range, reports Germany's Federal Network Agency (Bundesnetzagentur).
An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data. ... The Vivid Toy group, which distributes My Friend Cayla, has previously said that examples of hacking were isolated and carried out by specialists. However, it said the company would take the information on board as it was able to upgrade the app used with the doll.
But experts have warned that the problem has not been fixed.
The Cayla doll can respond to a user's question by accessing the internet. For example, if a child asks the doll "what is a little horse called?" the doll can reply "it's called a foal".
Watch the BBC's video of Cayla, in its squeaky, sinister voice, say "I've been hacked to say all sorts of scary things."
Cayla was on Boing Boing last year when the FCC received complaints about it. Cayla is on Amazon for $45.
It's so easy to hack that everyday YouTubers are at it! Read the rest
Last year's Hello Barbie chatbot toy sent all your kid's speech to cloud servers operated by Mattel and its tech partner, but only when your kid held down Barbie's listen button -- new chatbot toys like My Friend Cayla and the i-Que Intelligent Robot are in constant listening mode -- as is your "OK Google" enabled phone, your Alexa-enabled home mic, and your Siri-enabled Ios device -- and everything that is uttered in mic range is transmitted to Nuance, a company that makes text-to-speech tech (you probably know them through their Dragon-branded tools), and contracts to the US military. Read the rest