2 min read

The French Take Action Against Connected Toys Company Parents Should Think Twice About Gifting a Smart Toy this Christmas

Ionut ILASCU

December 08, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The French Take Action Against Connected Toys Company Parents Should Think Twice About Gifting a Smart Toy this Christmas

The My Friend Cayla connected toy, already banned in Germany for privacy concerns, is now on probation in France, where the data protection agency has issued a warning to the manufacturer regarding the security risks that come with the product.

Cayla is not the only smart toy to draw the attention of the French National Data Protection Commission (CNIL). i-Que, a robot designed to engage children in interactive experiences, is in the same boat. Both products come from Genesis Industries Ltd, which collects from the toys audio content that could reveal personal information like names and addresses, the commission says.

The smart playthings include a microphone and a speaker, and they use Bluetooth to receive commands from a mobile app. The connection, though, is insecure: it does not require authentication or validation of the paired device. Cayla and the i-Que robot function as Bluetooth speakers so, if a phone connects to them, a stranger could hear and record what the child says to the toy or nearby conversations.

CNIL asserts that even if with obstacles in between, an individual would have to be within nine meters from the smart toy for successful pairing. The agency also said it was possible to communicate through the toy, either by using prerecorded messages or with the toys’ hands-free kit, just by calling the phone already connected to Cayla or i-Que.

The security gaps in these products violate the French Data Protection Act in two ways, CNIL said in a blog post this week. First, the two devices fail to protect private conversations by establishing a connection with any Bluetooth-enabled equipment without validating it first. Second, the toys do not seek user consent for the vendor to process personal data or to send audio content to a provider outside the European Union.

The French regulatory body gives the device maker two months to comply with the country’s data privacy law. The first act of the law states that information technology “shall not violate human identity, human rights, privacy, or individual or public liberties.” If the company does not act on the warning by the deadline, CNIL has the power to issue sanctions, pecuniary or of another type.

Concerns about My Friend Cayla and i-Que robot security faults have been reported since late last year by multiple parties. Four consumer groups filed in 2016 a complaint with the US Federal Trade Commission (FTC) raising privacy concerns. The Norwegian Consumer Council published a video around the same time about the spying potential of the two smart toys.

Although the smart toys could pose a threat to privacy, users can minimize the risk. They pair with one device at a time and connect with the most recently used one. Enabling Bluetooth first on the mobile phone or tablet and then on the toy, should ensure a link to the correct device. Also, parents should turn off the toys when they are not in use and make sure that their connected gear has the latest updates installed.

Image credit: Genesis Industries

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read