The International Security Scandal of My Friend Cayla

by thethreepennyguignol

Talking dolls, for the better part of a century now, have been a staple of many a child’s toy collection. From Thomas Edison’s take on the talkative toy to classic pull-string operated dolls with a collection of classic phrases, they’ve been a standard for many doll collectors both young and old. But what happens when a modern take on the talking doll ends up the centre of a national security panic – and even lands a ban from a national federal network agency who warned owners that it constituted a concealed espionage device? Let’s talk about the controversial release of My Friend Cayla and how a talking doll became the centre of an international security panic.

My Friend Cayla was first conceived by Bob Delprincipe (probably best known for his development of the now-iconic Tekno the Robotic Dog) in the early 2010s, and was picked up for distribution by Genesis Toys, an international distributor of children’s products focused on making use of new technologies to enhance their new toy releases. My Friend Cayla, according to the promo text on the company’s website, was “a beautiful 18″ interactive fashion doll” who functioned more like a real friend than a simple toy: “ask her questions about herself, people, places, and things! She’s the smartest friend you will ever have!… She is not just a doll… she’s a real friend!”

Cayla’s function was relatively simple, but offered a level of interactivity that was at the forefront of her marketing. She was fitted with a microphone that would pick up on words spoken in her vicinity, before sending them to a Bluetooth-connected app that would search the internet using keywords gathered from the audio input to put together a response. Once she had an answer, the app would feed it back to her and she would speak it out loud, at about a one-second delay. Aside from acting as a glorified search engine, she also came pre-programmed with various personal likes and dislikes, from preferred foods to her pop star of choice. She’s pictured on the website in a chic denim jacket and a pink skirt over a pair of jeans that I would have worn the hell out of in 2011; 3 AAA batteries not included.

The idea of a doll that could feasibly have full-blown conversations with its owners was one that garnered plenty of attention, even being named Innovative Toy of the Year by the London Toy Association in 2014. The doll cost around £59.99 (around $80 USD), and was touted as one of the most-wanted dolls in the coming Christmas season. It sold well, though the reviews, when they started to come in, were slightly less convincing. Buyers found that Cayla struggled to understand what was being said unless it was spoken very loudly and slowly right next to her face in a quiet room. One reviewer remarked that the doll was slightly unsettling, often talking to itself when it had been left untouched for long enough – “when no one talks to her for a while, she will talk about herself and her family to keep your children entertain [sic]… But sometimes she does her creepy laugh which can be quite scary!”.

While all dolls hold a bit of an inherent creepy factor, I have to admit, there’s something uniquely unsettling about Cayla – that static, cheerful robot voice attempting to sound as convincingly human and friendly as possible does have a certain uncanny quality to it, and I can’t say that I would have been too keen to get my hands on one of these dolls if I had been a kid when they’d hit the shelves. This sinister promotional image of Cayla looming between two young girls really says it all:

via Genesis Toys

But it wouldn’t take long till Cayla was revealed to be scary in an entirely more palpable fashion. On 30th January 2015, Tech Tent, a show on the BBC World Service, shared a clip of security researcher Ken Munro, who had identified a unique vulnerability in Cayla’s software – specifically, that the app, which was unprotected by any kind of passcode, could be hacked to force Cayla to say almost whatever the hacker wanted. To prove his point, Munro had Cayla take a very different approach to her usual friendly nature. “I’m in charge now,” Cayla announces. “You might think I am just a sweet toy, but now I have been hacked, I can say all sorts of scary things”. Munro encouraged parents to keep Cayla turned off when not in use and to carefully lock down all devices attached to her.

But it wasn’t just Munro who raised concerns about the toy’s vulnerabilities. Towards the end of 2015, Tim Medin, of Red Siege Information Security, tested the limits of the doll’s security, and found that not only could the app be hacked to make her say whatever you wanted, but that you could play any noises you wanted through her speakers – which he proved by running some of the sound effects and screams from the movie Poltergeist through Cayla. Additionally, Medin remarked on how easily the toy could be repurposed into a remote speaker by anyone close enough to connect via Bluetooth. “In an apartment complex many people could be in range of this device and use it for nefarious purposes,” he pointed out. “This toy can be used to listen to, and communicate with a child with no authentication required.”

In theory, the toy was protected from covert access because the doll’s necklace was supposed to light up whenever it was switched on. However, as Stefan Hessel, a law student from Germany, pointed out, that feature could easily be turned off using the app, meaning that anyone within a certain radius of the doll could feasibly be listening in without anything to raise the alarm.

With the doll’s vulnerabilities laid bare right before Christmas shopping season, Genesis Toys swiftly tried to brush off the concerns about the issues with Cayla’s security. General manager of Genesis, Peter Magalhaes, insisted that “Cayla was basically the subject of a tech prank”, and the toy was stocked on shelves that year, landing in homes across Europe and America.

But the criticisms didn’t end there. European consumer watchdog BEUC identified certain biases in the answers that Cayla would give, indicating a particular affinity for Disney products, adding a layer of covert marketing that feels particularly cynical to attach to a child’s toy like this. Perhaps more concerningly, though, they pointed out that Nuance Communications, the company through which the doll’s audio input was processed, reserved the right to share the information received with third parties, meaning that children’s recorded conversations could feasibly be used in further targeted marketing.

However, the harshest statement against the toy came in early 2017, when Hessel released a legal opinion about whether the doll’s security vulnerabilities constituted a violation of the German Telecommunications Act. In his conclusion, Hessel noted that “…‘My Friend Cayla’ is a camouflaged transmitter that is also suitable for secretly listening to conversations. However, it is questionable whether there is also a determination of the transmitter system. From the author’s point of view, there are decisive reasons for the fact that the dummy is also intended for listening and thus a prohibited transmitter…”

Hessel submitted this opinion to the authorities, and, in February 2017, a spokesperson for the Federal Network Agency confirmed his conclusions: the doll met all the criteria of a prohibited spy device. This meant not only that the doll had to be taken off the market in Germany with immediate effect, but that anyone in possession of a doll was called upon to destroy it at once. Because the toy had been classified as a concealed espionage device, a prohibited transmitter, its sale or possession could land anyone who owned the doll in prison for up to two years.

The toy continued to be sold in other countries, though several other national agencies took issue with the doll’s security. In the USA, a complaint was filed with the Federal Trade Commission highlighting the danger the doll’s vulnerabilities placed on child consumers, and a letter of concern was submitted to a public agency in Norway regarding Cayla. The toy was pulled from sale by some retailers, including Amazon Spain, with others offering refunds for dolls that had already been sold. Child welfare charities, such as Campaign for a Commercial-Free Childhood, campaigned for major retailers like Toys ‘R’ Us to remove the doll from sale – “we urge you to put the welfare of children first,” they wrote, in a letter underlining the dangers it posed. My Friend Cayla soon began to fade in public memory as it slowly started to vanish from shelves, and the obvious security concerns seem to have put paid to what once had looked like an innovative new addition to the children’s toy market.

But My Friend Cayla is far from the only doll to be faced with such security concerns. Around the time of Cayla’s release, Mattel released Hello Barbie, an internet-connected Barbie doll that retailed for $75 – but whose cloud server was accessible and allowed hackers to access recordings of children’s conversations with their toy. Currently, many toys are sold as part of a wider integration into smart homes in general, with items like the Tonies Toybox connecting to in-house WiFi to either download stories or play audio clips. Other toys, like Roybi Robot, teach kids various subjects by using visual and audio inputs to identify facial reactions, but the information is entirely collected by the parent or guardian instead of a cloud network; while these are undoubtedly safer than Bluetooth-enabled toys like Cayla, the potential security risks of such toys might yet reveal themselves.

As for Cayla, she’s languishing in an exhibit in the Swedish Museum of Failure; the doll was donated by a parent who rediscovered it after the German ban and gave it to the museum as part of their exhibition about the history of really grand screw-ups. Cayla “failed miserably at safeguarding basic consumer rights, security, and privacy”, according to their description of her – and it’s a pretty fair assessment of one of toy history’s most abjectly shocking failures. I would love to hear from you if you or a family member had a My Friend Cayla doll at any point, or other similar toys; let me know in the comments below!

Check out my other related longform writing on tech and toys here:

“Believe It or Not, I Am Shaken by This”: The 1983 Cabbage Patch Kids Riots

The Suicide and the Chatbot: The Rise and Risks of AI-Human Relationships

“In The End, I Watched Him Go”: The Criminal Case of Suicide-Baiting via Internet

If you’d like to support my blog, please consider supporting me on Patreon or dropping me a tip via my Support page.