Security &amp; Privacy in Smart Toys

Valente, Junia; Cárdenas, Álvaro A.

doi:10.1145/3139937.3139947

Cited by 41 publications

(25 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, this pattern of good privacy posture being let down by weak implementation is not unique to the toys in our study. Recently, researchers have shown that in spite of an encryption mechanism intended to preserve the privacy of children's voice recordings in transit, a particular toy's usage of a fixed set of keys made it possible to completely decrypt any voice communication between the toy and its server [8].…”

Section: A Privacy Policy Violationsmentioning

confidence: 99%

Security and Privacy Analyses of Internet of Things Children’s Toys

Chu

Apthorpe

Feamster

2019

IEEE Internet Things J.

View full text Add to dashboard Cite

This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual privacy policies. These vulnerabilities, especially security flaws in network communications with first-party servers, are indicative of a disconnect between many IoT toy developers and security and privacy best practices despite increased attention to Internetconnected toy hacking risks.

show abstract

Section: A Privacy Policy Violationsmentioning

confidence: 99%

Security and Privacy Analyses of Internet of Things Children’s Toys

Chu

Apthorpe

Feamster

2019

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…For instance, some of the toys we examined present content fetched over an unencrypted channel, making them subject to being maliciously replaced by a network attacker. A compromised toy with a speaker can be made to voice distressing audio [60]. Finally, a child can be harmed by any leak of information captured by a smart toy.…”

Section: Introductionmentioning

confidence: 99%

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Shasha

Mahmoud

Mannan

et al. 2019

IEEE Internet Things J.

View full text Add to dashboard Cite

Smart toys have captured an increasing share of the toy market, and are growing ubiquitous in households with children. Smart toys are a subset of Internet of Things (IoT) devices, containing sensors, actuators, and/or artificial intelligence capabilities. They frequently have internet connectivity, directly or indirectly through companion apps, and collect information about their users and environments. Recent studies have found security flaws in many smart toys that have led to serious privacy leaks, or allowed tracking a child's physical location. Some well-publicized discoveries of this nature have prompted actions from governments around the world to ban some of these toys. Compared to other IoT devices, smart toys pose unique risks because of their easily-vulnerable user base, and our work is intended to define these risks and assess a subset of toys against them. We provide a classification of threats specific to smart toys in order to unite and complement existing adhoc analyses, and help comprehensive evaluation of other smart toys. Our vulnerability taxonomy addresses the potential security and privacy flaws that can lead to leakage of private information or allow an adversary to control the toy to lure, harm, or distress a child. Using this taxonomy, we perform a thorough experimental analysis of eleven smart toys and their companion apps. Our systematic analysis has uncovered that several current toys still expose children to multiple threats for attackers with physical, nearby, or remote access to the toy.

show abstract

“…12 This is concerning because, once purchased, a child can use any device that their caregiver deems reasonable. Valente and Cardenas (2017) found that carers allow children full access to connected devices aimed at an adult audience, because the functionality is broader than equivalent devices aimed at children. Safeguards in place for children's privacy in particular may be of little value if toys that are marketed to them pale in comparison to technology that is already available in the child's home.…”

Section: Lack Of Claritymentioning

confidence: 99%

“…Children are less likely than a parent or carer to understand the implications of bringing a connected device into the home. Research has shown that children do not always understand that devices with a microphone will record them, or that individuals can subsequently listen to the recordings (Valente and Cardenas (2017)). Although Article 14 of GDPR suggests that privacy policies should be targeted at the users of the product, this does not happen in practice -with only one of the six privacy policies reviewed having a reading age close to the target age of the product (Detective Dot being aimed at children aged 7+).…”

Section: Independence…at the Cost Of Privacy And Security?mentioning

confidence: 99%

“…This is not ideal, as email is a slow and complex way for an individual to communicate with an organisation -having to draft an email with appropriate words is much more time-consuming and labourintensive than pressing a button designed for this purpose. Valente and Cardenas (2017) show the relative ease with which data can be gained from a connected, smart toy -you can ask it questions that may point to a name, location, or other distinguishing features of the previous owner.…”

Section: Independence…at the Cost Of Privacy And Security?mentioning

confidence: 99%

See 1 more Smart Citation

Turner, S; (2020) Connected Toys: What Device Documentation Explains about Privacy and Security.

View full text Add to dashboard Cite

Security & Privacy in Smart Toys

Cited by 41 publications

References 3 publications

Security and Privacy Analyses of Internet of Things Children’s Toys

Security and Privacy Analyses of Internet of Things Children’s Toys

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Turner, S; (2020) Connected Toys: What Device Documentation Explains about Privacy and Security.

Contact Info

Product

Resources

About