Blog: Internet Of Things

My Friend Cayla wakes up and smells the lawsuits

Ken Munro 06 Dec 2016

smellthecayla2It’s nearly a year since we first reported our findings on the security and privacy issues associated with the Vivid Imaginations Toy Group’s My Friend Cayla interactive doll.

Amongst a litany of  issues we found that an attacker could easily intercept and join-in communications between a child and the toy. That means any random stranger within Bluetooth range of a child and their toy can interact with them. Not cool.

Also, remember when we suggested that litigation would be one of the few motivations for IoT vendors to up their game? Well, this might be the start of it…

Today the BEUC (Bureau Européen des Unions de Consommateurs) published a press release stating that:

“…consumer organisations in Europe and the United States are now filing complaints to relevant national authorities on what seems to be obvious breaches of several consumer laws”.


In particular the Norwegian Consumer Council has written an open letter of concern to the The Norwegian Directorate for Civil Protection. It closes by saying that the BEUC wants to present their concerns to the EU Commission’s Expert Group on Toy Safety.

Wow, finally key consumer protection organisations are waking up to the child privacy breach issues at stake here. Good on them.