2019
DOI: 10.1109/jiot.2018.2866423
|View full text |Cite
|
Sign up to set email alerts
|

Security and Privacy Analyses of Internet of Things Children’s Toys

Abstract: This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual privacy policies. Th… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1

Citation Types

0
39
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
4
3
1
1

Relationship

0
9

Authors

Journals

citations
Cited by 71 publications
(39 citation statements)
references
References 15 publications
0
39
0
Order By: Relevance
“…Several classification schemes have been proposed for general IoT security [1], [11], [26], [51], [71], however nothing specific to smart toys. Some systematic analyses have been conducted into compliance of children's apps with children's privacy laws [31], [49], and experimental work on selected smart toys specifically [7]. Some inroads have been made into developing privacy paradigms for children's online activity and even into smart toys [32], [46], [70].…”
Section: Introductionmentioning
confidence: 99%
“…Several classification schemes have been proposed for general IoT security [1], [11], [26], [51], [71], however nothing specific to smart toys. Some systematic analyses have been conducted into compliance of children's apps with children's privacy laws [31], [49], and experimental work on selected smart toys specifically [7]. Some inroads have been made into developing privacy paradigms for children's online activity and even into smart toys [32], [46], [70].…”
Section: Introductionmentioning
confidence: 99%
“…They pose an imminent and immediate threat to the safety and security of children. (p. 2) These concerns are highlighted by the notion that many connected toys have been identified as vulnerable for hacking (Chu, Apthorpe, & Feamster, 2018). In March 2017, it was announced that 2 million voice recordings between parents and children were allegedly exposed to potential hackers, along with 800,000 emails and passwords to their accounts from the database of the IoT toy company CloudPets, 3 to provide one example.…”
Section: Introductionmentioning
confidence: 99%
“…Recent related works have studied the IoT security problem with the main focus of addressing the information leak of different IoT devices in smart environments, such as healthcare medical devices, home/office consumer devices, and educational toy devices [21,39,40]. Other categories of security studies have focused on anomaly detection by monitoring and fingerprinting IoT networks using machine learning techniques, and these solutions are resource-intensive and impractical for large-scale smart environments [41][42][43].…”
mentioning
confidence: 99%