Networked toys: privacy risk in the children's room

Recently, the Federal Network Agency caused a stir with an unusual appeal: Owners of the doll "My friend Cayla" should destroy it. But what exactly makes the doll so questionable?

"Almost like a real girlfriend" - this is how the smart doll Cayla is described on the manufacturer's website. When the doll is connected to the Internet via a tablet or smartphone, it is able to provide children with answers to a wide range of questions. However, this interactive experience in the children's room has now been stopped: the German Federal Network Agency is calling for the Cayla children's doll to be destroyed because, technically speaking, it constitutes prohibited broadcasting equipment. The legal basis for this decision is Section 90 of the Telecommunications Act (TKG), together with the fact that the microphone and loudspeaker are hidden in the doll. This would allow unnoticed remote monitoring. Possession, production and distribution of the doll are now forbidden in Germany in order to prevent possible violations of privacy.

How the networked doll works

Cayla connects to a smartphone or tablet via Bluetooth and can access the Internet through it. The doll's voice recognition software relies on this connection. When the doll is asked a question, the question is sent over the Internet to a server that transcribes the request and sends the text back to the doll's app. The app checks the transcribed text for keywords on a blacklist (a list of words, which parents can extend, that the doll should not respond to). This is followed by a search on the Internet for an answer to the question. What exactly happens to the data collected during this processing is not clear. By installing the app, however, users consent to data being passed on to third parties.

As Stefan Hessel from Saarland University found in a test, any Bluetooth-enabled device within range of the doll can connect to it, even through several walls. This makes it possible for strangers to access the doll's loudspeaker and microphone.

Apart from the various ways of collecting information from the children's everyday life, Cayla also seems to spread targeted advertising, for example when the doll casually starts talking about her favorite Disney movies.

Data protection aspect of networked toys
As a result of the Federal Network Agency's decision, the Cayla doll is currently receiving increased attention, but it is not the only networked toy that raises data protection concerns. In general, the functionality of a (play) device should always be weighed against the associated costs, including in terms of data sharing - regardless of whether the users are children or adults.

Tips for parents
Internet-enabled toys offer new possibilities and functionalities that you should take a closer look at. Before buying, find out whether the toy offers security and privacy settings, and which ones.

  • Internet-enabled toys should not have an unprotected Bluetooth interface (without password). On the manufacturer's website, you can find out whether the desired toy has an individual Bluetooth password. Under "data protection conditions", you should critically check what data the manufacturer collects through the toy's functions and how this data is processed further.
  • If your child already has a smart play device with an unprotected Bluetooth interface, you should deactivate this function for safety's sake. As a precaution, it is also advisable to remove the battery from the toy. Due to the current safety concerns and proven security vulnerabilities with some networked toys, you can complain about them to the manufacturer or retailer and ask for your money back.
  • For toys with voice recording function, IT security experts recommend that the microphone function should only be activated after a button or switch is pressed. Therefore, check whether the smart playmate always records or whether the microphone can also be turned off. Depending on the model, the toy may also have an integrated camera or record its location via GPS data. Here, too, you should take a close look at the data protection conditions and, if possible, only switch on the camera when it is being used.

Tips on the subject of data protection can be found, for example, in the klicksafe flyers:

  • klicksafe flyer "Data protection tips for parents"
  • klicksafe flyer "Data protection tips for young people"
  • Tips for digital self-defense

What happens next with the Cayla doll?

Cayla has been sold in Germany since 2014. The Federal Network Agency has now written to sales outlets to have the Cayla dolls removed from the range. Parents whose children already own such a doll are urged to destroy it. A destruction notice is available for download on the website. The doll should not be returned to the seller and can, for example, be handed in at one of the nearby waste management stations. Proof of destruction can also be obtained there. Although the Federal Network Agency is not planning to specifically track down parents or owners of the doll, the toy's data protection vulnerabilities could be motivation enough to stop using it.
