Watchdog Group Claims Smart Toys Are Spying On Kids (mashable.com)

The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in a conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.

  • This is all part of PizzaGate's grand kid swiping scheme. I just knew it!

  • Gotta say (Score:5, Interesting)

    by JustAnotherOldGuy ( 4145623 ) on Thursday December 08, 2016 @07:50PM (#53449737) Journal

    I've got to say, this seems creepy to me. It's not just spying on kids, it's spying on whoever is in range. It's basically an open mic in your home, transmitting to god knows who.

    Who knows what kind of conversations it might overhear, or how it might be mined for incriminating information. Or how something innocuous might be misinterpreted as grounds for an investigation by the police, CPS, the FBI, etc etc.

    I'd bet my ass it's easy to hack to act as a remotely controllable audio bug by anyone with nefarious intent.

    Even worse, who's to say the stream couldn't be modified to make it seem like it "heard" child abuse, criminal activity, domestic violence, drug dealing...the possibilities are endless. How would you dispute a recording from one of these things where you were supposedly heard discussing (or confessing to) illegal activity? How would you prove it wasn't real?

    If I was paranoid, I'd say that some intelligence organization is pushing these kinds of things in order to establish a covert surveillance network that could be used for all sorts of evil shit. But that's crazy, right? The CIA/FBI/NSA would never want a bunch of microphones in everyone's home, right?

    • On the plus side, think of the opportunities for yanking their chains!

      Me: Hey, wife! Did you use up the cocaine without replacing it?? You KNOW you're supposed to get more if you use up the last of it!

      Wife: Husband, I haven't touched the coke in weeks. Either the kids or the dogs are getting into it. Or you're just blacked out from when you used the stuff up. In any case, there's still plenty of Ecstasy and Heroin, so I don't see what you're getting so excited about....

      ***and on and on for ten min

      • On the plus side, think of the opportunities for yanking their chains!
        Me: Hey, wife! Did you use up the cocaine without replacing it?? You KNOW you're supposed to get more if you use up the last of it!
        Wife: Husband, I haven't touched the coke in weeks. Either the kids or the dogs are getting into it.

        Yeah, after the feds get done tossing your house, confiscate all your shit, put your kids into foster care, and after you bond out of jail, it'll be a hilarious story to tell at the lawyer's office!

    • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Thursday December 08, 2016 @11:12PM (#53450453) Homepage

      I've got to say, this seems creepy to me. It's not just spying on kids, it's spying on whoever is in range. It's basically an open mic in your home, transmitting to god knows who.

      So is a "smart" TV, a laptop computer, a tracker (a more appropriate name for a cell phone or mobile phone which recognizes the activity it does the most), and so many other voice-activated gadgets with network connectivity all running proprietary (read: untrustworthy by default) software. And a lot of these devices have cameras in them too, also under proprietary software control. And virtually all of them have been used by kids for years. Some of these devices have geolocation hardware in them too, that must make it easier to geotag the data the proprietors can acquire, keep, and share. I think it's great that people are finally getting around to thinking about the security and privacy implications when this is presented to them in the form of a toy but really this is far too late in coming.

      Departing from the parent comment, situations like this are also a constant reminder of the profound inadequacies of modern-day IT experts who choose to surround themselves with these things, not in an experimental way to investigate them but as consumers who apparently value minor convenience more than their own privacy.

      Only software freedom helps you enjoy all of these devices in a way where you, the user and owner of the device, can have a real say in what gets recorded, where that data is copied, and thus who gets access to that data. It's not about shutting these things out of your life entirely, it's about respecting who should control this data.

  • Of course they do. (Score:4, Insightful)

    by techno-vampire ( 666512 ) on Thursday December 08, 2016 @08:11PM (#53449823) Homepage
    They're a watchdog group. Their whole reason for existence is to spot things like this and call attention to them, even if there isn't really a problem. I'm not saying that they're making this up, but I'd take any claims like this with a grain of salt until there's some outside confirmation.
    • We learned not too long ago that many Smart TVs just transmit everything they hear to a remote server in the clear. How many IoT devices are compromised already and are now being used as little attack droids? How about those Sony security cameras with built-in backdoors that were uncovered recently?

      These days, your default assumption should be that any internet-connected device has zero concerns for your privacy, and is probably insecure enough to be placed immediately on a botnet as soon as any criminal ca

      • by AmiMoJo ( 196126 )

        The real problem is that companies feel like they can do pretty much anything as long as they bury it in a 90 page EULA somewhere. No need to put "this toy transmits everything you say to us, and we use it to sell you more shit, and sell your details on to other companies" on the box, just hide it on page 36 and most consumers won't even find out about it.

        IoT is ripe for some strong regulation. I'd suggest mandatory notifications when vulnerabilities are discovered, unpatched firmware = full refund, and man

  • Same thing, except marketed to adults.
  • by jabberw0k ( 62554 ) on Thursday December 08, 2016 @08:44PM (#53449947) Homepage Journal
    Instead of "Smart" just say "Treacherous" -- as in, treacherous appliances, treacherous toys, and treacherous "telephones" which are entirely treacherous computers that give you only the flimsiest illusion of control.
  • by antifoidulus ( 807088 ) on Thursday December 08, 2016 @08:53PM (#53449983) Homepage Journal
    Simpsons did it! [youtube.com]
  • by PopeRatzo ( 965947 ) on Thursday December 08, 2016 @09:14PM (#53450063) Journal

    At least my Lincoln Logs never spied on me.

    And I'm so old that when I was five and told my dad I wanted Lincoln Logs for Christmas, he handed me a hand axe, a piece of flint and some beef jerky and dropped me off in the woods. I was out there in my little jammies in the middle of December and let me tell you, it got so cold I had to kill a deer and crawl inside to keep from freezing to death. It was like something out of The Revenant.

    Yeah, I had a rough childhood, let me tell you.

    • by mjwx ( 966435 )

      At least my Lincoln Logs never spied on me.

      And I'm so old that when I was five and told my dad I wanted Lincoln Logs for Christmas, he handed me a hand axe, a piece of flint and some beef jerky and dropped me off in the woods. I was out there in my little jammies in the middle of December and let me tell you, it got so cold I had to kill a deer and crawl inside to keep from freezing to death. It was like something out of The Revenant.

      Yeah, I had a rough childhood, let me tell you.

      Bah, you were pampered.

      Every year I asked my dad for a .303 bullet. He slap me, then toss me a block of brass and some cordite, I had to mill my own Christmas present and I used to shoot myself in the foot with that .303 every year on Christmas morning... We didn't have no deer to crawl inside of and keep warm, we had to burn the remains of our hopes and dreams to keep warm then eat snow and tree bark for supper... And we were grateful for it.

      Try to tell kids that these days and they'll never believe

  • by Gravis Zero ( 934156 ) on Thursday December 08, 2016 @09:42PM (#53450153)

    As someone who actually looked and considered it, the toys are less nefarious than they seem to be accused of being. The physical toys are actually just (insecure) Bluetooth speakerphone devices. Seriously, you can use the dolls to talk to people on the phone. Where the real danger lies is in the Android/iOS applications. I do not know if the application runs in the background 24/7 but I get the feeling you have to activate it to make the toy "smart" because always being on would cause battery drain issues. If your kid already has their own Android/iOS device then you have already failed on the privacy front.

  • and my submission [slashdot.org] gets put up. An interesting story, better late than never.
  • What if Teddy Ruxpin 3.0 overhears abuse? Shouldn't child-rearing AIs be mandated reporters? We can also arm them to serve as guard bears.
  • There is a huge difference between "spying on kids" and "security hole". This article and complaint are such crocks of shit.

  • Back in 2008 when Jennifer Stoddart put the snow boots to Facebook, I came up with what still strikes me as a reasonable compromise, that legal proscriptions against reverse engineering only apply to products promising to collect/report no personal information whatsoever (with Draconian thumb screw stockades for corporations affixing a "does not collect" sticker by means of a cryptochemical Volkswagen-grade adhesive).

    It just seems wrong that a toy can A) collect personal information, and B) the user has no

  • This is a perfect playground for predators. How creepy? My goodness... Can you imagine somebody watching your child and you at the privacy of your home? Unbelievable!
