Security researcher Ken Munro discovers vulnerability in Vivid Toy’s talking Doll ‘Cayla’
Vivid Toy’s best seller talking doll ‘Cayla’ has vulnerabilities which can be exploited by potential hackers to make the talking doll say what they want remotely. The vulnerability was discovered by security researcher Ken Munro, from Pen Test Partners. Munro, who has given a one on one to BBC’s Tech Tent program and will feature in today’s edition, discovered a vulnerability in Cayla’s software which allows for it to be hacked, and essentially say any number of things.
Munro has also demonstrated the hack to the BBC’s Rory Cellan-Jones. As Munro has not released the PoC and BBC’s Tech Tent is yet to be aired, it is not known what the vulnerability is but it is in the App that connects Cayla with the smartphone.
Cayla is an Internet-connected talking doll from Vivid Toys, She uses speech recognition software and Google Translate technology to communicate with the child. Unveiled in November 2014, Vivid Toys says that children can have any amount of conversations with the doll and Cayla will be “the smartest friend you’ll ever have.”
While I am not into hacking, This in the right hands could be funny.