German regulators have banned the popular My Friend Cayla dolls in the country over fears that the bright-eyed, talking smart doll could be used by hackers to illegally spy on children. Germany's Federal Network Agency (Bundesnetzagentur) has advised parents who bought the doll for their kids to destroy or disable its wireless connection.
Manufactured by the US company Genesis Toys and distributed in Europe by Vivid Toy Group, the internet-connected doll is equipped with a bluetooth device and uses speech recognition software, allowing it to listen and respond to questions.
"Objects that conceal transmittable cameras or microphones and thus pass on data unintentionally endanger the privacy of the people," Federal Network Agency head Jochen Homann said in a statement, Deutsche Welle reports.
"This also applies to children's toys. The doll Cayla is forbidden in Germany. This is at the same time about the protection of society's most vulnerable."
This week, the Federal Network Agency classified the doll as an "illegal espionage apparatus." Germany has stringent laws to protect against surveillance where East Germany's secret police, Stasi, and the Nazi era Gestapo kept a close watch on citizens.
Under German law, it is illegal to sell or posses a banned surveillance device. According to German media reports, people who violate this law could face up to two years in jail.
The Germany telecommunications watchdog warned that "toys as espionage devices are dangerous" as conversations of children may be received and relayed without their parents' knowledge.
The ruling by Germany's regulators comes after a student at the Saarland University raised serious concerns over the security and legality of the device.
"Access to the doll is completely unsecured," Stefan Hessel told Saarbrücker Zeitung. "There is no password to protect the connection."
He warned that hackers could potentially gain illegal access to the doll through its unsecure bluetooth connection from up to 15m away "through several walls" to listen in children playing with the doll and even talk to them.
The UK Toy Retailers Association told the BBC that the doll "offers no special risk" and "there is no reason for alarm."
However, the EU Commissioner for Justice, Consumers and Gender Equality Vera Jourova said: "I'm worried about the impact of connected dolls on children's privacy and safety."
The Commission is currently looking into whether smart dolls violate the EU's data protection laws, the publication reports.
In early 2015, security researcher Ken Munro from Pen Test Partners discovered that the My Friend Cayla doll could be easily hacked to say any number of things.
Last year, Norway's Consumer Council (NCC) found Cayla and similar toys such as the i-Que Intelligent Robot and Hello Barbie "failed miserably" at protecting children from potential hacks and snooping attacks.
In December 2016, privacy advocated filed a complaint with the US Federal Trade Commission alleging that Genesis Toys violates privacy laws by sending voice recordings to software company Nuance Communications.
"These voice recordings are stored and used for a variety of purposes beyond providing for the toys' functionality," the complaint read.