Skip to main content

Security and Privacy Analyses of Internet of Things Children's Toys

Author(s): Chu, G; Apthorpe, N; Feamster, Nick

To refer to this page use:
Abstract: © 2014 IEEE. This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule as well as the toys' individual privacy policies. These vulnerabilities, especially security flaws in network communications with first-party servers, are indicative of a disconnect between many Internet of Things toy developers and security and privacy best practices despite increased attention to Internet-connected toy hacking risks.
Publication Date: 1-Feb-2019
Citation: Chu, G, Apthorpe, N, Feamster, N. (2019). Security and Privacy Analyses of Internet of Things Children's Toys. IEEE Internet of Things Journal, 6 (1), 978 - 985. doi:10.1109/JIOT.2018.2866423
DOI: doi:10.1109/JIOT.2018.2866423
EISSN: 2327-4662
Pages: 978 - 985
Type of Material: Journal Article
Journal/Proceeding Title: IEEE Internet of Things Journal
Version: Author's manuscript

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.