Security and Privacy Analyses of Internet of Things Children’s Toys

Chu, Gordon; Apthorpe, Noah; Feamster, Nick

doi:10.1109/jiot.2018.2866423

Cited by 70 publications

(39 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several classification schemes have been proposed for general IoT security [1], [11], [26], [51], [71], however nothing specific to smart toys. Some systematic analyses have been conducted into compliance of children's apps with children's privacy laws [31], [49], and experimental work on selected smart toys specifically [7]. Some inroads have been made into developing privacy paradigms for children's online activity and even into smart toys [32], [46], [70].…”

Section: Introductionmentioning

confidence: 99%

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Shasha

Mahmoud

Mannan

et al. 2019

IEEE Internet Things J.

View full text Add to dashboard Cite

Smart toys have captured an increasing share of the toy market, and are growing ubiquitous in households with children. Smart toys are a subset of Internet of Things (IoT) devices, containing sensors, actuators, and/or artificial intelligence capabilities. They frequently have internet connectivity, directly or indirectly through companion apps, and collect information about their users and environments. Recent studies have found security flaws in many smart toys that have led to serious privacy leaks, or allowed tracking a child's physical location. Some well-publicized discoveries of this nature have prompted actions from governments around the world to ban some of these toys. Compared to other IoT devices, smart toys pose unique risks because of their easily-vulnerable user base, and our work is intended to define these risks and assess a subset of toys against them. We provide a classification of threats specific to smart toys in order to unite and complement existing adhoc analyses, and help comprehensive evaluation of other smart toys. Our vulnerability taxonomy addresses the potential security and privacy flaws that can lead to leakage of private information or allow an adversary to control the toy to lure, harm, or distress a child. Using this taxonomy, we perform a thorough experimental analysis of eleven smart toys and their companion apps. Our systematic analysis has uncovered that several current toys still expose children to multiple threats for attackers with physical, nearby, or remote access to the toy.

show abstract

Section: Introductionmentioning

confidence: 99%

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Shasha

Mahmoud

Mannan

et al. 2019

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…They pose an imminent and immediate threat to the safety and security of children. (p. 2) These concerns are highlighted by the notion that many connected toys have been identified as vulnerable for hacking (Chu, Apthorpe, & Feamster, 2018). In March 2017, it was announced that 2 million voice recordings between parents and children were allegedly exposed to potential hackers, along with 800,000 emails and passwords to their accounts from the database of the IoT toy company CloudPets, 3 to provide one example.…”

Section: Introductionmentioning

confidence: 99%

Young children’s perceptions of ubiquitous computing and the Internet of Things

Mertala¹

2019

Preprint

View full text Add to dashboard Cite

Ubiquitous computing (ubicomp) and the Internet of things (IoT) are turning into everyday household technology at an ever‐increasing pace, for example, in the form of connected toys. However, while ubicomp and IoT are changing and shaping children’s digital and technological landscape, not much is known about how children perceive these omnipresent and concealed forms of digital technology. This qualitatively oriented paper explores 3‐ to 6‐year‐old Finnish children’s perceptions of ubicomp and IoT via interviews and a design task. Initially, the children were skeptical toward the idea that tangible objects, such as toys, could be computer and/or Internet enabled. However, these perceptions were subject to change when children were introduced to a scientific conception of what computers and the Internet are and asked to apply their knowledge to a technological design task. Implications for early years digital literacy education are discussed in the paper.

show abstract

“…Recent related works have studied the IoT security problem with the main focus of addressing the information leak of different IoT devices in smart environments, such as healthcare medical devices, home/office consumer devices, and educational toy devices [21,39,40]. Other categories of security studies have focused on anomaly detection by monitoring and fingerprinting IoT networks using machine learning techniques, and these solutions are resource-intensive and impractical for large-scale smart environments [41][42][43].…”

mentioning

confidence: 99%

Towards a Secure and Scalable IoT Infrastructure: A Pilot Deployment for a Smart Water Monitoring System

Overmars¹,

Venkatraman²

2020

Technologies

View full text Add to dashboard Cite

Recent growth in the Internet of Things (IoT) looks promising for realizing a smart environment of the future. However, concerns about the security of IoT devices are escalating as they are inherently constrained by limited resources, heterogeneity, and lack of standard security controls or protocols. Due to their inability to support state-of-the-art secure network protocols and defense mechanisms, standard security solutions are unsuitable for dynamic IoT environments that require large and smart IoT infrastructure deployments. At present, the IoT based smart environment deployments predominantly use cloud-centric approaches to enable continuous and on-demand data exchange that leads to further security and privacy risks. While standard security protocols, such as Virtual Private Networks (VPNs), have been explored for certain IoT environments recently, the implementation models reported have several variations and are not practically scalable for any dynamically scalable IoT deployment. This paper addresses current drawbacks in providing the required flexibility, interoperability, scalability, and low-cost practical viability of a secure IoT infrastructure. We propose an adaptive end-to-end security model that supports the defense requirements for a scalable IoT infrastructure. With low-cost embedded controllers, such as the Raspberry Pi, allowing for the convergence of more sophisticated networking protocols to be embedded at the IoT monitoring interface, we propose a scalable IoT security model integrating both the IoT devices and the controller as one embedded device. Our approach is unique, with a focus on the integration of a security protocol at the embedded interface. In addition, we demonstrate a prototype implementation of our IoT security model for a smart water monitoring system. We believe that our modest first step would instill future research interests in this direction.

show abstract

Security and Privacy Analyses of Internet of Things Children’s Toys

Cited by 70 publications

References 15 publications

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys

Young children’s perceptions of ubiquitous computing and the Internet of Things

Towards a Secure and Scalable IoT Infrastructure: A Pilot Deployment for a Smart Water Monitoring System

Contact Info

Product

Resources

About