FORT MYERS, Fla. Zohar Pinhasi isn’t worried about what his daughter’s My Friend Cayla doll says, but rather who is listening when the little girl talks back.
Any toy with a Bluetooth connection that doesn’t have a pin is dangerous, he said.
“This needs to be off the shelf, period,” said Pinhasi, a cyber security expert. “With zero knowledge you’ll be able to hack one of those devices and you don’t need to have special equipment. That is the scary part.”
Someone with limited hacking knowledge can use their cell phone to access the toy, Pinhasi said.
That has some parents on edge.
“There are perverts, there are pedophiles that are on the prowl to young kids these days, and that’s what they’re doing,” one mother said. “They’re sitting at their computer and they’re talking, they’re hunting.”
The Electronic Privacy Information Center filed a complaint with the Federal Trade Commission regarding the My Friend Cayla doll, claiming the toy “deceptively collect, use and disclose audio files.”
U.S. Sen. Bill Nelson (D-Florida) sent letters to the toy maker and the FTC in March regarding hacking concerns.
“Children are in danger. That private information, that is either put in an application to activate toy or information that is transmitted to and from the toy for example, geo-location, that puts children at risk,” he wrote.
The FTC, in their response to Nelson, would not say if the doll is being investigated.
Nuance, the software company connected to the doll, said in a statement that it has a policy to not use or sell voice data for marketing or advertising purposes.
“We have not received an inquiry from the FTC or any other privacy authority regarding this matter, but will respond appropriately to any official inquiry we may receive,” the company said on its blog.
Pinhasi advises parents to not purchase a toy with Bluetooth capabilities unless it has a pin.