A Framework for Preventing the Exploitation of IoT Smart Toys for Reconnaissance and Exfiltration

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10658)

Abstract

There are many concerns that come along with the Internet of Things that should be addressed because of its growing popularity. One major concern is the security issues related to connected devices. Connected toys are a category of IoT devices that are commonly overlooked when considering these issues, yet they are just as susceptible to attacks as any other device. This paper will look at recent incidents related to security issues involving connected toys and establish a framework with the intention of providing manufacturers with a set of standards that must be adhered to before a device can be marketed. The affected products in the discussed incidents are then tested against the proposed framework.

Author information

Corresponding author

Correspondence to Thaier Hayajneh.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Haynes, J., Ramirez, M., Hayajneh, T., Bhuiyan, M.Z.A. (2017). A Framework for Preventing the Exploitation of IoT Smart Toys for Reconnaissance and Exfiltration. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_53

  • DOI: https://doi.org/10.1007/978-3-319-72395-2_53

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science, Computer Science (R0)
