Following the news of security concerns behind My Friend Cayla, David Emm, Principal Security Researcher at Kaspersky Lab commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

David Emm “My Friend Cayla is hitting the headlines, following a call for parents to destroy the doll by Germany’s Federal Network Agency. The doll is equipped with a Bluetooth chip to enable it to answer questions through the Internet. However, it also asks for sensitive information, such as hometown, parent’s and user’s name, and school. Concerns about the doll therefore centre mainly around privacy – the fact that secrets entrusted to the doll by a child could be accessed by a hacker.

This of course isn’t the first doll to cause security concerns. In 2015, US security expert Matt Jakubowski was able to extract the Wi-Fi network name, internal MAC address, account IDs and MP3 files from Mattel’s interactive ‘Hello Barbie’ doll. This is enough to gain access to the Hello Barbie account and home network – thereby compromising the wider security of any family of a child using the doll.

We live in a connected world, where even our children’s toys could become the means for personal data being captured by attackers. It’s really important that, when considering such toys as gifts, parents look beyond the fun aspect of a toy and consider the impact it might have on their child and the wider family.

However, there is also a role for the manufacturers of connected products and the security industry. We need to work together to ensure that strong protection and patch management is designed-in from the very start. Once a product is on the market, it is already too late.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.