you're reading...
'everything that's old is new again', 'R' rated, agenda, anger, Christmas, crime, customer service, dangerous, errors-in-judgement, parenting, surveillance, toys, vigilance

Just In Time For Christmas!

(from my friend Borepatch)

Dangerous toys NOT to get for Christmas

I strongly recommend that you do NOT buy the My Friend Cayla doll, the i-Que robot, or the Barbie Hello Dream House as gifts due to a grotesquely dangerous security flaw in the toy’s design.
I often rant about poor security in products and how “security wasn’t an afterthought, it wasn’t thought of at all.”  Mostly it’s about something that is unlikely to effect most of all y’all.  This time is different – here are some toys that can endanger children, and I STRONGLY recommend that you do NOT buy these as gifts this holiday season.

My Friend Cayla is a doll with embedded voice recognition technology similar to Apple’s Siri, that can interact with children.  It not only listens to what the child says but can respond appropriately.

While it’s somewhat concerning that the doll “phones home” over the Internet for the voice recognition to work, the issue isn’t that it’s listening in on your kid.  Mind you, I find this more than a little creepy, but I remember when there were only 3 TV channels.

The danger is that the doll is Bluetooth enabled, and the Bluetooth is completely unprotected.  What this means is that anyone within Bluetooth range (which at 100 yards is actually further than many think) can connect to the doll and start talking to your child as she plays.

Let me say that again – Joe Shmoe in the park across from your house can connect to your little Princess’ doll and have a chat.There’s a video of this, although they’re wrong to call it a “hack”.  It’s simply use of the functionality as it was designed.

Also using the exact same technology with exactly the same flaw is the i-Que robot: this isn’t just a threat to little girls.

Unconfirmed reports also include the Barbie Hello Dream House.  I don’t know whether this is vulnerable to remote Bluetooth access, and it’s almost certain that nothing definitive will be published on this before the holidays.  Given that I recommend that you don’t buy this, either.

This seems to me to be bordering on criminal negligence by the companies involved (certainly My Friend Cayla and i-Que; possibly Mattel).  The idea that a child’s toy could be released that would allow someone to remotely talk with your child his his or her own bedroom is mind bogglingly stupid.

To reiterate, I strongly recommend that you do NOT buy the My Friend Cayla doll, the i-Que robot, or the Barbie Hello Dream House as gifts due to a grotesquely dangerous security flaw in the toy’s design.

Anyone remember “My name is Talky Tina” from Rod Serling’s Twilight Zone?  These toys take that to a whole new level.

Frightening.

Advertisements

About guffaw1952

I'm a child of the 50's. libertarian, now medically-retired. I've been a certified firearms trainer, a private investigator, and worked for a major credit card company for almost 22 years. I am a proud NRA Life Member. I am a limited-government, free-market capitalist, who believes in the U.S. Constitution and the Rule of Law.

Discussion

5 thoughts on “Just In Time For Christmas!

  1. These toys will be bought by the same people who buy the Samsung smart TVs, which listen to your conversations, and record your facial expressions. The blind trust of naïve consumers, blithely assuming that everything is not only okay, but benign, still astounds me. And just when I thought they couldn’t be any more susceptible … sigh.

    Posted by Rev. Paul | December 13, 2016, 9:55 am
  2. Those were off the list anyway…

    Posted by Old NFO | December 13, 2016, 2:47 pm
  3. The huge problem with tech stuff – toys, phones, electrical power grids, etc., is the overwhelming drive by companies to just make it work, preferably yesterday, instead of making it work and be secure.
    Security isn’t even thought about until someone exposes the flaw and then it’s, “Gosh, how did this happen?”

    Unsecured bluetooth? By now even Goober Pyle knows that’s not secure!

    Posted by KM | December 13, 2016, 3:53 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

"Round up the usual suspects."

In Loving Memory…

%d bloggers like this: