Final Post on Smart Toy Security and Privacy -16

Throughout the semester I have been researching Smart Toys and the associated security and privacy issues. In order to best understand this topic I started by establishing a working definition for smart toy and built up my understanding from there until I could grasp the intricacies of the security and privacy issues associated with smart toys. My personal favorite definition of a smart toy is was provided by Cyber Security expert Dr. Patrick Hung, he defines smart toys as a device consisting of a physical toy component that connects to one or more toy computing services to facilitate gameplay in the Cloud through networking and sensory technologies to enhance the functionality of a traditional toy. Smart Toys belong to an emerging category of electronic devices known as “IoT” or Internet of Things. Although the term “Internet of Things” first appeared in the literature in 2005, there is still no widely accepted definition. One participant described the IoT as the connection of “physical objects to the Internet and to each other through small, embedded sensors and wired and wireless technologies, creating an ecosystem of ubiquitous computing.” Some examples of IoT devices are clocks, microwaves, radios, and TOYS. These types of electronic devices are becoming increasing sophisticated and are capable of providing technologically advanced solutions for their users with a variety of applications. In addition to internet and networking technologies, smart toys utilize a number of hardware and software assets to perform their operations, several of which have been linked to security vulnerabilities. These vulnerabilities allow hackers or malicious actors to capture data, perform surveillance and monitoring, and commandeer computer systems. In recent years a number a National and International Toy companies have fallen victim to large scale security breaches resulting in the loss of user account information that includes items such as names, addresses, photos, videos, voice-recordings, gps coordinates, as well as other collections a personal information obtained by the devices through voice recordings, analytics, and user input. As a result of the security breaches, many privacy and security watchdog organizations began taking notice of the frequent security and privacy issues associated with IOT devices and smart toys. These watchdog groups have been responsible for exposing security vulnerabilities overlooked or neglected by toy companies. In addition to security analysis, watchdog and advocacy groups provide a channel for individuals to address their security and privacy concerns to government bodies. A recent complaint to the FTC, filed by Campaign for a Commercial Free Childhood (CCFC), the Center for Digital Democracy (CDD), Consumers Union, and the Electronic Privacy Information Center (EPIC), argues that a popular smart toy collects data without proper parental consent, a violation of COPPA the Children’s Online Privacy Protection Act. The security vulnerabilities associated with smart toys present parents with the difficult task of addressing their own cyber security issues. Moving forward parents will need a basic understanding internet privacy practices in order to adequately protect their children.


3 thoughts on “Final Post on Smart Toy Security and Privacy -16

  1. Without understanding the implications of the technology we see in smart toys, I wouldn’t feel comfortable letting my children play with them if I were to even have children. I think now this generation will growup to understand the implications of privacy with technology way more than any generation before us, however there is still plenty to be learned. I think there is always a risk of privacy when it comes to technology but how big of a risk we are willing to take is what we should consider.


  2. I feel that we are monitored enough without the toys we play with as children being documented. I guess that my way of thinking might soon be a relic of the past.


  3. Hi, just got done reading all your blog post on smart toys and I remember some comedy shows talking about the toy security problem. When the internet was first created the people that developed it did not take any security measures into account because they though people are good. People are good although small percent is not and they are know attacking children’s toys. I think developers are know taking security concerns into account and people are more willing to take more security protocols into there routine because they have seen the dangers it can bring.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s