Skip to main content

Germany Says Auf Wiedersehen to Hi-Tech Doll

The German government has banned a hi-tech doll that has given U.S. privacy groups and Red Siege founder, Tim Medin, concerns for years.

The My Friend Cayla doll, which remains on sale in the U.S., violates a portion of the German statute that "prohibits the possession, production, distribution, importation or otherwise of transmitters or other telecommunications equipment ... which in appearance mimic another object or which are disguised."

In short, the blond-haired, Bluetooth connected doll gives no information that it collects and transmits everything it hears.  Used as intended, children can interact with Cayla through an app or through voice commands.

"The toy had many strong security features to ensure a normal child using the doll would not stumble into inappropriate content," Medin said.  "However, other development choices would allow a nefarious user to gain access to the device that could be dangerous."

In 2015, Medin purchased My Friend Cayla doll and expressed concern about some of the security and privacy features in a blog post.

"Any, and I mean ANY system with Bluetooth (tablet, phone…or laptop) can connect to this device and use it as a speaker or as a remote mic. The toy is essentially a cute bluetooth headset," Medin concluded. "Anyone within range can use this toy to listen to and communicate with a kiddo. Again, the only protection here is that only one device can be connected at a time. This is not a safe mechanism to protect someone from communicating with my child."

As internet-connected toys become more common, it is incumbent on developers to institute best practices to prevent security concerns and safeguard the scores of children who will play with devices like the My Friend Cayla dolls.


Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We aim to find the vulnerabilities before the bad guys. Red Siege offers a host of services including Internal Pivot Assessment and Post Exploitation; Adversary Simulation; Penetration Testing and Vulnerability Assessments; Advanced Product, Hardware & RF Testing; and more. Red Siege can be reached at, 234.249.1337 or online at


Popular posts from this blog

Up Your Game! - Red Siege Founder to Keynote BSidesOK 2018

Red Seige founder Tim Medin has been tapped to give the keynote presentation at BSides Oklahoma, a security conference focused on practical, hands-on training for improving security.

Medin will share a talk called "Up Your Game!" where he examines how to make yourself more efficient and offers practical recommendations on what conference goers can do to meet their self and career development goals so they have more time for the things they truly love.

"I truly believe this topic is critical for each person who will attend BSides Oklahoma.  I am excited to share what I have learned launching Red Siege and help others take control of their own goals," Medin said.

BSides Oklahoma includes a two-day security training on April 11 and 12 and will conclude with a conference on April 13 at the Glenpool Conference Center in Glenpool, OK.

"I am excited to join BSides Oklahoma for this exciting week and have the opportunity to meet, talk with and learn from other securit…