Germany’s Federal Network Agency (Bundesnetzagentur), which oversees telecommunications in the country, has recommended the destruction of the Cayla dolls after experts revealed they can be hacked.
Researchers say hackers can use an unsecure Bluetooth device embedded in the toy to listen and talk to the child playing with it, posing a potential danger to the child.
In the past few weeks, the Agency has asked stores to take Cayla out of their shelves. Anyone who already owns the toys are advised to destroy them or dispose them professionally off.
My Friend Cayla is a product of the British toy manufacturer Genesis and is marketed by the company Vivid.
Genesis Toys has not yet commented on the German warning. And Vivid Toy group has previously said that examples of hacking were isolated and carried out by specialists. However, it said the company would take the information on board as it was able to upgrade the app used with the doll.
The ‘My Friend Cayla’ doll has been shown in the past to be hackable, when its software vulnerability was first revealed in January 2015.
But experts have warned that the problem has not been fixed.
The Cayla doll is a smart toy, a toy that can connect to the Internet. The doll has a microphone and a loudspeaker and communicates via Bluetooth with a Smartphone app. When her necklace is lit, the doll is online and children can ask questions that Cayla subsequently tries to answer.
For example, if a child asks the doll “what is a little horse called?” the doll can reply “it’s called a foal”.
However Germany’s Federal Network Agency says its smart technology can reveal personal data.
The warning came after Stefan Hessel, a student of the University of Saarland, raised legal concerns about My Friend Cayla.
Mr Hessel, quoted by the German website Netzpolitik.org, said a Bluetooth-enabled device could connect to Cayla’s speaker and microphone system within a radius of 10m. He said an eavesdropper could even spy on someone playing with the doll “through several walls”, posing danger to the family.
A spokesman for the Agency told Sueddeutsche Zeitung daily that Cayla amounted to a “concealed transmitting device”, illegal under an article in German telecoms law.