, , ,

Back in 1984, a boy in a movie bought a cute, fuzzy, little pet that gurgled and made happy noises. However, when he didn’t heed the warning to keep his pet away from bright light, to not get it wet, and to not feed it after Midnight, it unleashed a slew of nasty Gremlins.

Today that story is a little too real. A range of toys now have been built using Bluetooth technology. This is the same technology that is used to run other parts of the Internet of Things and can expose you and kids to dangerous real life gremlins, no matter how cute and cuddly a toy it comes in.

Toys Are Listening

Some toys out and out say they are recording and sending information to people if you read the fine print. According to Joseph Stineberg in Forbes talking specific about a doll called “Hello Barbie”:

“When a child speaks into a microphone on the doll, the doll records the child’s voice and transmits the recording for processing to a cloud-based service called ToyTalk. Once analysis is complete, an appropriate audio response is streamed back to the Doll which then “speaks” to the child….ToyTalk’s terms of service and privacy policy allow it to “share audio recordings with third party vendors who assist us with speech recognition,” and state that “recordings and photos may also be used for research and development purposes, such as to improve speech recognition technology and artificial intelligence algorithms and create better entertainment experiences.”

A normal speak version of this would be that the voice of anyone who speaks in the presence of this doll has given the doll company the rights to record their voice, that those recordings may be kept as long as they want, and can be shared with third parties.

The Hello Barbie is just one of a collection of recording and reporting toys from the ToyTalk company.

Toys Are Talking

These listening toys also “talk” to the child. The “conversation” of these dolls aren’t random. They are designed by the company to encourage a relationship with the child and to talk about things the child is interested in. Surprise! They also talk about what the company that makes them wants to say about certain products that have arrangements with the doll companies.

Jeff John Roberts in Fortune reporting on a claim privacy advocate groups have made to the FTC:

“My Friend Cayla is pre-programmed with dozens of phrases that reference Disney movies and theme parks. For example, Cayla tells children that her favorite movie is Disney’s The Little Mermaid and her favorite song is “Let it Go,” from Disney’s Frozen. “Cayla also tells children she loves going to Disneyland and wants to go to Epcot in Disneyworld,” says the complaint, which says such activity amounts to a deceptive form of product placement.”

Snopes takes a less drastic view of My Friend Cayla, but confirms several of the points about her recording and legal actions taken against the doll.

Things Not Intended

The examples of talking and listening above are deliberately built into the toys, but they also open up other possibilities. Reuben Paul, a child computer prodigy, presented to security experts at The Hauge earlier this year. His demonstration including using a Bluetooth enabled bear and a Raspberry Pi to harvest phone numbers from audience members and use them to hack into the bear turning functions on and off remotely and using it to record audio.

In this Guardian article, Paul is quoted as describing some of the dangers associated with these capabilities:

“They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”, Reuben said.”

Not Just Toys

These Bluetooth toys seem especially dangerous because they are aimed at children, but adult “toys” and conveniences have the same capabilities as well. Anything hooked up by Bluetooth could be used to take video or photos if you have a camera, track locations, websites used, media played, etc. Information you consider private may be transmitted to a company or hackers might use the information to find out a great time to rob your home. Some examples are in this second Forbes article by the same Steinberg quoted above.

It’s Up To You, But Realize You Are Making a Choice

It may be that you feel the convenience or the cool factor is easily worth the risks and that’s a valid decision, but be aware that the risks exist and that you are taking them. Also, remember to live by the politicians rule and assume every camera and microphone is live.

Sarah Uthoff is a reference library at Kirkwood Community College. LIKE the Kirkwood Community College Library on Facebook and find links to Sarah all over the web at her About Me Profile.