1 Introduction

Toys have always been present in people’s lives, either as an educational and playful element in school or as a form of entertainment for children in their daily lives. In general, toys play an important role in children’s cognitive and motor development [24]. With toys, children can learn new things and develop fundamental elements of their personality and socialization behavior [6, 39]. As society began witnessing technological advancement, most parents began buying new and available mobile or computational devices for their children [27]. As a consequence, the toy industry implemented technology in traditional toys, leading to the emergence of smart toys [22].

Smart toys are traditional toys embedded with technological intelligence that enhances the toys’ functionalities to match the needs of children in an ever-advancing, technologically savvy generation [29]. A smart toy can be considered an Internet of Things (IoT) device with Artificial Intelligence (AI) designed to provide a unique child-toy interaction by responding to users’ actions [11, 13]. Some smart toys can have face and voice recognition capabilities performed through their embedded features and tools such as microphone, camera, and recording and speech devices, making them look more attractive and fun [2]. Even though smart toys represent a significant technological breakthrough, some studies have shown that criminals can target such toys because of the sensitive information they store, their vulnerable user base, and some cybersecurity violations related to their privacy policies [31].

Recently, some smart toy companies have recognized that they can collect and store children’s data and share it with trusted third parties; however, few of these companies fully encrypt user data or clearly state how they can use it [5]. Smart toys can track the location of children using GPS features, store pictures, videos, and audio, connect to the internet and cloud, and allow personal information exchanges through smartphone applications [7]. The information smart toys can gather, if accessed by the wrong person, can have severe consequences for users, mainly because most parents have no prior knowledge of smart toys’ security policies, and children are considered vulnerable and defenseless online users [19]. As a result of the security breaches present in smart toys, some federal governments all over the world have enacted cybersecurity laws aiming to protect the confidentiality, integrity, and availability of young children’s data, and the information technology research community in this field has shown relevant growth as well [4, 20].

A systematic review gathers a series of relevant studies on a specific subject, which may be related, presenting criticism and praise and making general comments on the subject. A systematic review is considered secondary research because it is built from primary studies elaborated by other authors; it is characterized by being both qualitative and quantitative research and by presenting the “state of the art” on a certain subject [15, 25]. This type of review helps to gather knowledge about a specific area of study, to identify recommendations for future research, to establish the context of a research topic or problem, and to identify the main methodologies and research techniques used in a particular topic or field of research [17].

This systematic review addresses the threats that children may be exposed to by using smart toys and the safety practices that should be used to avoid such problems. The protocols used for the selection of studies were: research questions, search strategies, selection criteria, and results synthesis. A total of 26 primary studies published from 2014 to 2018 were selected from electronic resources such as ACM Digital Library, Science Direct (Elsevier) and Scopus; they addressed topics related to safety gaps in smart toys and the mechanisms that could protect children from the use of smart toys. We evaluate whether these studies present concepts and security practices related to the reliability, availability, and integrity of infant information, and finally we describe the methods and type of validation adopted.

2 Developing the Protocol

This systematic review of the literature presents an overview of the security of smart toys. To plan this review, we divided it into three phases (Fig. 1). In the first phase, we searched manually for studies about smart toys, and we used snowballing strategies on the articles relevant to this work. During the development of the protocol, we evaluated the state of the art of some chosen studies, and we checked whether a considerable quantity of primary studies was available in the literature. After selecting the studies, we looked into their content and analyzed which information related to security in smart toys needed to be established, and which requirements should be adopted while conducting this review.

Fig. 1. Diagram representing an overview of the systematic review process. Adapted from [17].

In the second phase, we delimited the information that we needed to extract from the primary studies through one research question. During the searching process, we chose the electronic resources, and we set the search string used in this stage. For selecting the studies, we delimited inclusion and exclusion criteria to filter the initial set of retrieved studies. After obtaining the final list of selected studies, we extracted their content and separated it into categories. Sects. 2.1–2.5 provide more details about this stage.

2.1 Research Question

To formulate the research question, we considered the topic of this approach and the principle of the acronym PICO. According to [16], this acronym outlines the critical elements of a well-elaborated research question, with its letters standing for Population, Intervention, Comparison, and Outcome. The search question composition according to the acronym PICO is shown in Table 1. The research question “How to ensure that smart toys are secure enough for children?” was defined considering the requirements mentioned above.

Table 1. Search question composition according to the acronym PICO.

2.2 Data Sources and Search Strategy

In order to perform an automated search process, we used electronic resources such as digital libraries and indexing systems to find relevant papers. The digital libraries that we used in this work were ACM Digital Library and Science Direct (Elsevier), and as an indexing system, we included Scopus.

Table 2. List of electronic resources and number of retrieved studies.

We set a search string (Fig. 2) to narrow the scope of our search and collect accurate studies. To build it, we considered the main terms of the research question and their synonyms, and we used Boolean operators, wildcards, quotation marks, and parentheses as well. We applied the search string to the titles, abstracts and keywords of the retrieved studies, and we adapted it to the format of each electronic resource.

This stage took place in December 2018, and it retrieved an initial set of 721 primary studies.

Fig. 2. Search string used to automate the search process.

2.3 Study Selection

We summarized a range of inclusion and exclusion criteria to filter the initial set of studies. The inclusion criteria (IC) used were: studies published from 2014 to 2018 (IC1); studies written in English (IC2); and peer-reviewed studies (IC3). The exclusion criteria (EC) were: studies not included in the information technology field (EC1); duplicated or same authorship studies (EC2); studies that do not address technology designed for the infant user (EC3); and studies that do not address smart toys (EC4) (Table 3).

Table 3. Inclusion and exclusion criteria and the number of studies filtered.

To filter the initial set of primary studies based on the criteria mentioned above, we relied on the electronic resources’ delimiters and on their mechanisms for exporting bibliographic details in formats for EndNote.

After applying the inclusion and exclusion criteria to the initial set of studies, we selected 30 studies. Among these 30 studies, we found four that were repeated across the electronic resources, leaving a total of 26 primary studies included in this study.

2.4 Data Extraction and Synthesis

During the data extraction, we separated the selected studies into categories to evaluate their relevance for this approach. To synthesize the content of the studies, a set of requirements in an Excel sheet delimited the details to record for each article regarding its approach, validation methods, and contribution type. Moreover, this procedure helped to compare and summarize the findings of the primary studies included in this work, along with the information we need to answer the research questions.

2.5 Threats to Validate the Protocol

Some threats found throughout this systematic review are presented below, as well as how to mitigate them:

Selection of Relevant Studies: Search strings were used to perform an automatic search in the databases. The terms of the search string were extracted from the formulated search query. To make sure that relevant works were not missed in the automatic search, keyword synonyms were included in the search string.

Missing Relevant Studies: Although the search string shown in Fig. 2 was used on the indexing systems presented in Table 2, some relevant articles may not have been returned. This threat was avoided by presenting the list of articles found to experts in the area to indicate whether any relevant articles were missing.

3 Systematic Review Reports

In this section, we address some security gaps in smart toys and procedures that can contribute to the improvement of smart toys mentioned in the studies selected for this review. From an initial sample of 731 papers, we identified 26 primary studies (3.55%) that match the selection criteria of this systematic review. The primary studies selected for the analysis were categorized according to their approach and type, as mentioned in the data extraction step.

3.1 How to Ensure that Children Are Secure Enough?

Data Confidentiality. The studies [8, 10, 12, 14, 21, 23, 30, 32, 33, 35] are categorized as case studies that address data confidentiality tests with intelligent toys, such as Hello Barbie, Dinno, Hello Kitty, My Friend Cayla, Smart Toy Bear, and HereO Watch, among others. According to these studies, smart toys easily store and/or collect images of the physical activity status of their users (walking, running, sitting, etc.) and location history information through a camera, microphone, GPS, and several other features. As a solution to this issue, these studies suggest synchronizing apps that make it possible to check and keep track of the child’s usage; avoiding default passwords shared across different products and passwords that cannot be changed by users; and giving control over GPS activation. Also according to them, the toy company should adopt privacy policies that aim to protect the data collected by the smart toys and make parents aware of the need to read their guidelines.

The studies categorized as surveys, such as [8, 9, 35, 36], consider that each intelligent toy should have its own privacy policy, describing the information involved and covering the collection, management, sharing and retention of a user’s personal data. The studies also point to the need for further research into the underlying mechanisms regarding the compliance of children with connected toys, as one of the studies noted the ability of a (third) agent to influence children’s moral judgments through interaction.

The only primary study selected and categorized as a systematic review is [1]. According to this study, the information technology research community has had many discussions about confidentiality issues in smart toys that store personal information. Hence, this study showed that a toy connected to the internet should guarantee user privacy by encrypting their data when sending information to a third party.

The works categorized as bibliographic studies, such as [3, 10, 12, 18, 26, 28, 30, 34, 38], show that smart toys must comply with the traditional safety standards of common toys and, as online services, must also comply with digital privacy laws. Most of these articles highlight that, to protect children’s data, it is necessary to implement a transparent and workable method that allows parents to have control over the information about their children that is being shared. According to these works, the end-user requirements in smart toys need to be created specifically for their user base, considering its needs and vulnerability.

In general, most of the studies that mention data confidentiality practices have shown that smart toys should ask their users before collecting their personal information, such as voice recordings, photographs, videos, location history, or any personal information that identifies users, specifically children. In addition, the literature has suggested that such toys should provide a clearer meaning for identifying personal data in case of the end of use, loss, theft or transition of owners. It is necessary to restrict the total amount of personal data stored locally in the toy and require some form of authentication to access all the recorded data.

Data Integrity. In [10], categorized as a case study that addresses data integrity, the authors mention that when a remote server is used to access the information kept in a smart toy, information security would be guaranteed by enforcing a physical and administrative restriction that does not allow unauthenticated software updates.
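The rule of refusing unauthenticated software updates can be made concrete with a toy-side check. The following is an added example, not code from [10] or from any reviewed study: the function names, key and image are constructed, and HMAC-SHA256 stands in for the vendor signature so that only the standard library is needed (a deployed scheme would use an asymmetric signature so the toy holds no signing key). It goes beyond the text by also rejecting replayed older versions.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from any real product).
DEVICE_KEY = b"constructed-demo-key-32-bytes!!!"
IMAGE_V2 = b"constructed firmware image, version 2"

def _payload(version: int, digest: str) -> bytes:
    # Canonical encoding so vendor and toy authenticate identical bytes.
    return json.dumps({"sha256": digest, "version": version}, sort_keys=True).encode()

def sign_manifest(key: bytes, version: int, image: bytes) -> dict:
    """Vendor side: bind the version number and image digest under one MAC."""
    digest = hashlib.sha256(image).hexdigest()
    tag = hmac.new(key, _payload(version, digest), hashlib.sha256).hexdigest()
    return {"version": version, "sha256": digest, "tag": tag}

def verify_update(key: bytes, manifest, image: bytes, installed_version: int) -> str:
    """Toy side: return 'install' or the reason the update is refused."""
    try:
        version = int(manifest["version"])
        digest = str(manifest["sha256"]).encode()
        tag = str(manifest["tag"]).encode()
    except (KeyError, TypeError, ValueError):
        return "reject: malformed manifest"
    expected = hmac.new(key, _payload(version, digest.decode()), hashlib.sha256)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected.hexdigest().encode(), tag):
        return "reject: manifest not authenticated"
    # The authenticated digest must match the bytes actually received.
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest().encode(), digest):
        return "reject: image does not match manifest"
    # Anti-rollback: an old, validly signed image must not be reinstalled.
    if version <= installed_version:
        return "reject: not newer than installed version"
    return "install"

def demo() -> dict:
    m = sign_manifest(DEVICE_KEY, 2, IMAGE_V2)
    return {
        "genuine": verify_update(DEVICE_KEY, m, IMAGE_V2, 1),
        "patched_image": verify_update(DEVICE_KEY, m, IMAGE_V2 + b"!", 1),
        "edited_version": verify_update(DEVICE_KEY, dict(m, version=9), IMAGE_V2, 1),
        "replayed_old": verify_update(DEVICE_KEY, m, IMAGE_V2, 2),
    }
```
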

In the bibliographic work [37], an intelligent data exchange model oriented to toy edge computing is proposed that can support isolated IoT systems in performing secure interconnection in a distributed P2P way. Moreover, there is the implementation of the intelligent toy data exchange platform with distributed accounting technology, which guarantees the integrity and consistency of the data, while providing accountability, transparency, and efficiency to the network.

In the bibliographic study [28], the author suggests creating a model that allows parents to create privacy rules and receive acknowledgments about their children’s confidential location data. The authors of [26, 34] mention that it would be necessary to create version control so that the data can be returned to its previous version (if it has been accidentally changed or deleted).

Data Availability. The works categorized as case studies, such as [10, 21, 30, 32], suggest implementing maintenance of the physical structure of toys, establishing compatible programs, and carrying out all the necessary updates to the system. They also mention that the toys should allow parents to review or delete data collected from their children, such as recordings or voice images, and to track what data a company is using and for what purpose the company is transmitting that data.

The bibliographic studies that address the guarantee of data availability, such as [3, 26, 28, 30, 38, 40], mention that a backup system (remote or in the cloud) should be implemented in the smart toy, to be used in case of an event not caused by human interaction, such as an equipment failure, that can erase user data.

4 Conclusions

An exploratory study on the security of smart toys is relevant because they are a reality for some children, and their possible negative impacts on information privacy are clear according to the studies reviewed. In the near future, with the diffusion of IoT, smart toys will become popular and will be used not only as an educational tool or a form of entertainment, but also as an integrated part of children’s day-to-day activities and as their companions. As new technologies emerge, it is necessary to develop and adopt security practices that follow the evolution of these connected devices. Hence, this systematic review contributes to the identification of works that deal with security gaps in toys and that can help to mitigate the risks to children’s information privacy and safety.

After analyzing the suggestions about information security practices in smart toys presented in the 26 primary studies selected for this review, we came to the conclusion that studies about security in smart toys have grown significantly in the last few years, mainly due to the expansion of the smart toy market. Although several studies available in the literature already address security gaps in smart toys, the majority of them only superficially mention some steps that should be taken to reduce these security breaches, and there is not yet any study that substantially implements a security model that can enhance security practices in smart toys. Also, many studies have shown that parents can help to mitigate the risks exposed by smart toy features, but it is still necessary to conduct an investigation that presents a guideline that parents should follow to avoid data breaches in smart toys.