Bluetooth dummies, Cayla the doll, and their friends

Spies in the playroom

27 April 2017

Networking doesn’t stop at the playroom door, but electronic toys with an Internet connection can compromise privacy. In the worst-case scenario, private data may be misused or hackers may manipulate the digital playroom. TÜV NORD digitalisation expert Ulf Theike explains why consumer protection has lagged behind technical developments and how parents can protect themselves from unwanted interference with their privacy.

Smart dummies aren’t the stuff of science fiction: they are real. Dummies that soothe babies while simultaneously taking their temperature and immediately forwarding unusual readings via Bluetooth to a parental smartphone are already on the market. And this isn’t all the dummy, known as “Pacif-i”, can do – if the infant heads off with it in its mouth, the associated app immediately sounds the alarm.

But, as far as Ulf Theike, the member of staff at TÜV NORD responsible for the digitalisation of business models, is concerned, a product that is designed to soothe parental nerves is a real cause for concern. He even talks in terms of a “spy dummy” and sounds this warning against the deliberate misuse of data: “One possible scenario could be that high temperature curves recorded over a long period might be misappropriated to draw conclusions about capacity to work if, for instance, the child was ill more frequently than other children.” Ulf Theike sees a further weakness in the cyber-security field. Consumer goods must be secure enough to ensure that hackers can’t hijack their computing power, for instance to attack the servers of large companies – as happened in autumn 2016 to online giants such as Twitter, eBay, Netflix and Spotify.

Federal Network Agency bans the Cayla doll

The most recent example of data misuse, in which a toy transmits private data from the playroom to the digital world, is the Cayla doll. Children can talk to her – with the aid of a microphone, speakers and Internet access. From the outset, the toy was a thorn in the side of the data and consumer protection agencies because of its potential for misuse as a bug or listening device. In a speech given in January, Jochen Homann, President of the German Federal Network Agency, made the following announcement: “We’re going to take Cayla off the market as soon as we can.” The definitive ban followed in February because Cayla was considered to be a broadcast-ready device in disguise. “Objects which can conceal broadcast-ready cameras or microphones and silently forward data jeopardise the privacy of individuals. This is also – and especially – true of children's toys”. Such was the tenor of the declaration of the German Federal Network Agency. Sales of the doll were accordingly halted. And because the possession of a listening device is also punishable by law, parents who already have one of the dolls should have it professionally disposed of.

Networked technology needs rules

The Cayla case proves that the existing laws in Germany and the European Union are fundamentally equal to the task of protecting consumers from the dangers posed by the increase in networking. “But what are currently sorely lacking are implementing provisions for testing organisations and business enterprises,” says Ulf Theike. There is currently no authoritative answer to the question of how robustly a toy needs to be tested in relation to IT security. The Toys Directive, for example, regulates only mechanical or chemical properties but not requirements for Internet capability. In this area, Theike sees that there is an enormous amount of work to do if comprehensive consumer protection is going to be restored in the near future. In his opinion this applies not only to toys but to all products with an IT interface – whether they be cars, lifts, teddy bears or insulin pumps. “We need laws that set the rules for software updates just as much as they define the measures for cyber-security,” says Theike. He even goes a step further in his call for a new review of all networked products: “We’re not just talking about IT security here but about the interplay of all risks, because Internet capabilities can under certain conditions give rise to brand new risk potentials that have never before been taken into account.” It’s for this reason that it is so important to have impartial third parties test the security of smart products on an ongoing basis. His demand is this: “The IT security issue must be included in the rulebooks and be made the subject of compulsory testing so that playrooms, for instance, can once again become more secure places.”

Smart toys promote interactive learning

Notwithstanding all the criticism of the current security level of networked technology, he also sees opportunities: “IT interfaces in the playroom and elsewhere are fundamentally a good thing.” The digitalisation expert is convinced that, if used in accordance with good educational and security practices, networked technology supports interactive learning and allows children to learn through play. Assuming they satisfy certain conditions, he even sees the benefits of smart dummies: “If the child is really sick, the dummy becomes a medical device that monitors the patient more effectively and offers a safety benefit.”

What parents should watch out for

Parents can use a few simple tips to protect their offspring from data spies in the playroom. TÜV NORD recommends the following:

  • Seek information – before buying a smart product, parents should ask the following questions: Who is the manufacturer? What happens to the data? Where are they stored?
  • Observe age ratings – especially with games with video content, for example educational toys, parents should check whether the child is of the right age.
  • Rely on well-known brands – in principle it’s better to trust well-known manufacturers and large companies than, for example, unknown low-cost suppliers from Asia. You should ideally buy tested goods, although this practice is not yet widespread.
  • Switch off – devices that don’t need to be permanently connected to the Internet can happily go into offline mode when they aren’t in use. After all, the real problem is not faulty or inadequate software but the connection to the Internet – and the only absolute security you get is offline.
  • Be sparing – the more customers disclose personal data, the more accurate the personal profiles that can be created. If you don’t want to make yourself vulnerable on the net, you should keep to the principle of data minimisation and share only the bare minimum of information about yourself and – in particular – your children with third parties.

About Ulf Theike

Ulf Theike, Managing Director of TÜV NORD Systems, is the person responsible for the digitalisation of business models and internal processes in the Industrial Services business unit.

Spy toys

Vulnerabilities or hacked toys regularly cause a stir. An overview of further products:


Kids love the cuddly toys from US-based Spiral Toys with their button eyes, soft fur and small heart on the breast. The “CloudPets” can be linked to your smartphone – their heart flashes when voice messages from the Cloud are played back. The company made headlines when it recently came to light that the associated customer database with some 800,000 user accounts was not sufficiently protected – and hackers could easily gain access to the voice messages.

Hello Barbie

Manufacturer Mattel had to put up with a lot of criticism in 2015 for “Hello Barbie”: the doll that, like Cayla, can talk to kids is widely regarded as a spy in the playroom. Mattel recently unveiled a virtual Barbie that you can no longer touch: the “Hello Barbie Hologram” is to be controlled using voice commands. Mattel has promised not to store any conversations and to encrypt all data prior to transmission.


The educational toy manufacturer “VTech” fell victim to a colossal data theft in 2015: hackers hijacked the server and stole the data of more than 10 million customer profiles around the world. According to the company, approximately 509,000 child accounts and roughly 391,000 parental accounts were affected in Germany alone.