Back in 1984, a boy in a movie bought a cute, fuzzy, little pet that gurgled and made happy noises. However, when he didn’t heed the warning to keep his pet away from bright light, to not get it wet, and to not feed it after Midnight, it unleashed a slew of nasty Gremlins.
Today that story is a little too real. A range of toys now have been built using Bluetooth technology. This is the same technology that is used to run other parts of the Internet of Things and can expose you and kids to dangerous real life gremlins, no matter how cute and cuddly a toy it comes in.
Toys Are Listening
Some toys out and out say they are recording and sending information to people if you read the fine print. According to Joseph Stineberg in Forbes talking specific about a doll called “Hello Barbie”:
A normal speak version of this would be that the voice of anyone who speaks in the presence of this doll has given the doll company the rights to record their voice, that those recordings may be kept as long as they want, and can be shared with third parties.
The Hello Barbie is just one of a collection of recording and reporting toys from the ToyTalk company.
Toys Are Talking
These listening toys also “talk” to the child. The “conversation” of these dolls aren’t random. They are designed by the company to encourage a relationship with the child and to talk about things the child is interested in. Surprise! They also talk about what the company that makes them wants to say about certain products that have arrangements with the doll companies.
Jeff John Roberts in Fortune reporting on a claim privacy advocate groups have made to the FTC:
“My Friend Cayla is pre-programmed with dozens of phrases that reference Disney movies and theme parks. For example, Cayla tells children that her favorite movie is Disney’s The Little Mermaid and her favorite song is “Let it Go,” from Disney’s Frozen. “Cayla also tells children she loves going to Disneyland and wants to go to Epcot in Disneyworld,” says the complaint, which says such activity amounts to a deceptive form of product placement.”
Snopes takes a less drastic view of My Friend Cayla, but confirms several of the points about her recording and legal actions taken against the doll.
Things Not Intended
The examples of talking and listening above are deliberately built into the toys, but they also open up other possibilities. Reuben Paul, a child computer prodigy, presented to security experts at The Hauge earlier this year. His demonstration including using a Bluetooth enabled bear and a Raspberry Pi to harvest phone numbers from audience members and use them to hack into the bear turning functions on and off remotely and using it to record audio.
In this Guardian article, Paul is quoted as describing some of the dangers associated with these capabilities:
“They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”, Reuben said.”
Not Just Toys
These Bluetooth toys seem especially dangerous because they are aimed at children, but adult “toys” and conveniences have the same capabilities as well. Anything hooked up by Bluetooth could be used to take video or photos if you have a camera, track locations, websites used, media played, etc. Information you consider private may be transmitted to a company or hackers might use the information to find out a great time to rob your home. Some examples are in this second Forbes article by the same Steinberg quoted above.
It’s Up To You, But Realize You Are Making a Choice
It may be that you feel the convenience or the cool factor is easily worth the risks and that’s a valid decision, but be aware that the risks exist and that you are taking them. Also, remember to live by the politicians rule and assume every camera and microphone is live.