Monday, 14 May 2018

Week 6 [14.05 - 20.05.2018] The security and privacy of IoT toys


Hello everyone,

I would like to present to you an article about the security and privacy of smart toys for children:


IoT toys not only cover the market but also win the hearts of our children. The proposed article shows the low level of safety of this type of toy. Its aim is to help IoT toy manufacturers improve security and privacy development practices.
Children really like smart toys, especially drones, robots or smart animals. Taking control of IoT toys, which have built-in microphones or cameras or can be moved remotely, also poses a threat to our privacy.
Discovered vulnerabilities violate the Children’s Online Privacy Protection Rule (COPPA) as well as the toys’ individual privacy policies. These vulnerabilities are indicative of a disconnect between many IoT toy developers and security and privacy best practices despite increased attention to Internet-connected toy hacking risks. The results mentioned in the article indicate that Internet-connected children’s toys require continued security and privacy auditing.

Questions are:
  1. Do you think this topic is noteworthy? Why?
  2. Should toy manufacturers and sellers inform parents about existing threats? Why?
  3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

50 comments:

  1. 1. Do you think this topic is noteworthy? Why?

    Probably it is a noteworthy topic, as you mentioned, because of violating the Children’s Online Privacy Protection Rule (COPPA). I am not a huge fan of toys for children that are internet-connected. I guess that data collected in this way is probably used for some reasons, and I still prefer the old-school version of toys.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?

    I think they absolutely should. Every parent should know possible threats before buying or allowing children to play with it. The reason is simple, you want to know what are the potential consequences, what can happen and how it may affect the child. We know that those threats may or may not happen, but there should be a right to know about potential scenarios.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    Based on facts there are a lot of threats, but we already know some examples from real life that happened in the last few years. There was a toy “My Friend Cayla” that contains an internal microphone that criminals could use to listen in on children. Strangers could also speak to children through Cayla and demonstrated how it could be done in a YouTube video. Besides security cameras, we are seeing video capabilities in TVs, toys and even appliances such as vacuum cleaners. Before purchasing and gifting these items, shoppers need to think long and hard about the potential implications.

    Replies
    1. Thanks a lot for your comment. I haven’t heard about “My Friend Cayla” but it seems to be another example of the very low level of IoT toys security.

  2. Do you think this topic is noteworthy? Why?
    Should toy manufacturers and sellers inform parents about existing threats? Why?
    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    The topic is worth attention because it raises the problem of privacy and security. Toy manufacturers should inform parents about the principle of toys - so that parents are fully aware. I've heard of a Barbie doll with which one can "talk". The doll asks the child: Where do you live? Who are the parents? What kind of toys do you like ...? etc. as an interview, and the child will tell the truth because he says it to the toy :)

    Replies
    1. Yes, nice interview;) On the other hand, no one knows what will happen to the information collected.

  3. Do you think this topic is noteworthy? Why?

    Of course, the topic is worth attention. In a world in which our privacy is more and more limited, we can not let it affect all spheres of our life, especially where it is not absolutely necessary and even dangerous.

    Should toy manufacturers and sellers inform parents about existing threats? Why?

    Of course, they should inform their parents about existing threats, however, none of the producers will do so unless they are forced by law or financial penalty. In addition, manufacturers are largely unable to prevent possible risks that their products carry, because it goes beyond their ability to influence. The production of toys with access to advanced technologies initiates the problem of having such technologies.

    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    I think that this topic immediately raises the problem of facilitating access to children of pedophiles and interacting with them. Perhaps it is too dramatic, however, an interactive toy equipped with a webcam and a microphone and speaker could be used by such a person to establish a closer relationship with the child.

    Replies
    1. In my opinion, you raised a very important topic - pedophilia. This threat seems to be the most important in this whole problem, because on the one hand, such a toy may prove to be a means of committing a crime, and on the other hand it can cause serious harm to a child. Thank you for this example.

  4. 1) Do you think this topic is noteworthy? Why?

    Yes, of course. This is a subject that is very helpful and worth the attention of every parent. It's extremely important what toys your child is playing with. The interactivity of toys raises their value in the education of the child, but you must always have in mind what data (even if the position) the toy sends to the world! Think about it ...

    2) Should toy manufacturers and sellers inform parents about existing threats? Why?

    OF COURSE!!! OF COURSE!!! OF COURSE! Toys are an extremely important element of our children's education. We MUST know what they are doing and how they work!

    3) What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    WOW ... question ... river !! What threats? Let's think ..:
    1) Epilepsy - each console (PS4, XBOX, etc.) can cause epilepsy. This isn't a simple matter for a parent if the child gets an epileptic attack.
    2) Addiction - like cigarettes, alcohol, drugs and others. Have you tried to take your tablet to your child? Tablet is a toy and what? .... think about it!

    Replies
    1. I haven’t heard that epilepsy is caused by consoles – it’s a new fact for me but very important! Addiction is a wider problem because - as you mentioned – it is caused by many factors. Moreover I’m not convinced to categorise a tablet as a toy – in my opinion it is rather a smart device, not a toy...

  5. 1. Do you think this topic is noteworthy? Why?

    Yes and no. By yes I mean that usage of this kind of toys will be increasing and usually they need to be connected to some sort of internet connection (usually at home it will be a router), so it is good to have those devices secure and have a peaceful night not worrying about it.
    When it comes to no, I meant that I am not interested in this kind of devices, so for me it is not a noteworthy topic, but usage of this kind of devices will increase so I need to be cautious about it.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?
    I think yes and this is because some parents may take some actions to prevent some situation on which they were informed but sometimes it can be one of the arguments to not to buy toy.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    When it comes to epilepsy, TV may also cause an attack (even if you are at a concert it may cause an attack), so it is not only gaming consoles. But I think that the worst case will be addiction to smart toys and devices. Nowadays people with a strong relation with technology such as smartphones and computers have problems with thinking and learning, so I can imagine what this kind of technology may cause to young children.

    Replies
    1. This comment has been removed by the author.

    2. I'm not sure that problems with learning and thinking are caused by these devices. I think that it is caused because of the lack of a sense of community. Of course, a human being is inherently social, but nowadays this sense has been transferred to the virtual world.

  6. Thank you for this article. The topic is very important because IoT toys generate many threats to our security and privacy. The devices which belong to less reputable companies are without protection which would make additional costs and reduce the burden for battery power. Of course, sellers should inform about existing threats but they do not do that because it would harm the interests. Such toys give the possibility of remote monitoring of people and probably negatively affect the health of children...

    Replies
    1. Yes, I agree. Two opposite interests meet in this problem: on the one hand there is money on the other one the good of children. Unfortunately, the reality looks like that in many other aspects of life.

  7. This comment has been removed by the author.

  8. Ad1.
    The problem is what kind of toys these toys collect. It is clear that these data will be processed and then sold. The safety of these toys is also a problem. An example is the burglary of an aquarium thermometer into a casino. Maybe this is not an ideal example, but it indicates the danger of such toys.
    Ad2.
    It is clear that they should report on the risks. Information on dangers, on the other hand, is not in the manufacturer's interest. Fortunately, there are regulations that define the minimum age for the user of a toy.
    Ad3.
    The use of such toys involves simultaneous connection to social networks. This is very dangerous. There is no certainty as to who the child may have been in contact with.

    Replies
    1. The collected data is a serious problem. In my opinion, this is an attack on our privacy if we do not agree to it. It is for this reason that users (or their parents - in the case of children) should be clearly informed about it.

  9. Do you think this topic is noteworthy? Why?
    Yes, I do. Discovered vulnerabilities violate the Children’s Online Privacy Protection Rule (COPPA) - this should be the answer for this question. IoT is an area where security vulnerabilities are something “natural”. In my opinion it is caused because each “smart device” (for instance a washing machine, which is able to send a short text message) is a gadget desired by consumers. That is why producers were not focused on the security aspect ... they want to deliver new functionalities that will convince a client to the product.

    Should toy manufacturers and sellers inform parents about existing threats? Why?
    It is a very tricky question. From a parent's perspective I would answer - yes, they should … but each device connected to the Internet can be affected by some kind of malware. Even if it is well secured today - after a couple of weeks some kind of bug might be discovered.

    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    The biggest problem in my opinion is that the manufacturers have to publish toys as fast as possible - for instance after the premiere of a new video. Toys are much more complicated than a couple of years ago. Manufacturers assemble them from thousands of components.

    Replies
    1. You mentioned a very important problem: updating the IoT toy software. It causes a lot of problems: how to do it, who should be responsible for it, how long the support period should be, etc. This topic is so extensive that it should be considered separately.

  10. 1. Do you think this topic is noteworthy? Why?

    Yes, I think that this is a very important topic for society, since we will all once be parents or someone already has. The topic of security should be a priority in society.


    2. Should toy manufacturers and sellers inform parents about existing threats? Why?

    Yes, of course they should. Information on hazards should be indicated on any goods.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    Probably toys that have access to the Internet and have communication with different people through it. This can be dangerous since we do not know who is on the other side of the display.

    Replies
    1. Thank you for your comment. You are right. Bidirectional communication implemented in IoT toys is really alarming. This issue needs to be looked at in particular.

  11. 1. Do you think this topic is noteworthy? Why?
    Noteworthy, there are more and more such 'smart' toys. But it's the same problem as with 'smart' light bulbs, electric sockets, vulnerable WiFi access points etc.
    I didn't like the legalistic approach in the cited article though: violates COPPA or some policy - bad. Does not violate - OK.
    2. Should toy manufacturers and sellers inform parents about existing threats? Why?
    There is no point: the important threats are the ones the manufacturers are not aware of - security vulnerabilities. If law would require such information, we'd end up with something like Proposition 65, meaningless blanket statements.
    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    One of my main issues with IoT toys is ease of binding virtual goods with some high perceived value with worthless junk like stickers or cutie mark codes. Then the producers can drain parents' pockets even easier and cheaper.

    Replies
    1. The presented article assesses the safety of toys, inter alia referring to current legal regulations. This is one of several criteria that are considered there. This shows that produced toys may be inconsistent with applicable law - what may arouse considerable controversy.

  12. This comment has been removed by the author.

  13. Do you think this topic is noteworthy? Why?

    Absolutely. Children are particularly vulnerable so all toys should be really safe.

    Should toy manufacturers and sellers inform parents about existing threats? Why?

    I think that yes, because some parents might not know about that kind of danger.

    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    I'm not a big fan of IoT. If someone hacks a device (it's possible for every device connected to the internet) it could be really dangerous for the end user. As for toys for children, someone could contact them and affect them.

    Replies
    1. Yes, I agree with you. Unfortunately, the use of IoT devices is associated with the danger of a hacker attack. Thanks a lot for your comment.

  14. 1. Do you think this topic is noteworthy? Why?

    Of course, this topic is worth mentioning. Everything related to our privacy should be taken into account.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?

    Parents should be fully aware of the dangers of such toys. Manufacturers should bear full responsibility if a toy is susceptible to attack. They should update the firmware or otherwise withdraw the toy from the market.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    Criminals who harm children can obtain information from the toy or contact the child through it. I cannot imagine how they can use this information or how they can influence a child's behaviour by pretending to be their toy friend.

    Replies
    1. I totally agree with your opinion. The worst thing that can be in this case is to harm children. IoT toys may become an intermediary for such criminals and that's why I raised this topic.

  15. 1. Do you think this topic is noteworthy? Why?
    I think that this topic is noteworthy. We should not make our children accustomed to IoT toys that may steal privacy. We should teach small children how to protect privacy. This is more important nowadays.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?
    Of course they should. The buyer should have the full information about the product, especially if it is dedicated for kids.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    There may be a danger of hacker attack or as I said before unawareness of stealing privacy.

    Replies
    1. Thank you for your comment. I agree that we should teach small children how to protect privacy but I really don’t know how to do this… It is not so simple to explain to children what privacy means because it is the ability to maintain our data in a non-public manner. IoT toys are used by children even at the age of 3…

  16. Damian,
    The issue is noteworthy, definitely. We are responsible for introducing such advantages into our life and all the further consequences.
    The manufacturers and sellers shall inform parents about existing threats, but this is not only one preventive activity to be done. In my opinion, such dialogue could flow also from parents to the manufacturers and sellers as feedback information to find solution, how to avoid potential dangers. Apart from that, such communication should become more popular and “on top” than it is indeed now. I don’t think we can escape from ideas like such toys.
    This is a very difficult question. For me this is a totally new issue. I have kids and for now I have to organize their time properly to motivate them to do their homework. That’s why I am not so fond of such toys, which could take too much time. In my opinion, by entering into this kind of entertainment we could lose the control under balance between working and playing time. Also as adults, because it would make kids concentrate on such technology advantages, and us would make focus on controlling that. For me this is my personal “threat” ;-)
    BR,
    Marta

    Replies
    1. You are right, but very often such toys are used by children aged 3 years, when they do not have even more responsibilities. Of course, the older children, the more advanced IoT toys are proposed by the producers, so the topic is really wide. The final control and responsibility for this lies with us - parents - and that is why the purchase of this type of toys must be well thought out.

  17. Do you think this topic is noteworthy? Why?
    Discussing topics like that is essential. Our children use new technologies from the very beginning of their lives. It's natural for them to use it, with no boundaries, no privacy - as there is no. It can be that they won't be able to think if it is safe.

    Should toy manufacturers and sellers inform parents about existing threats? Why?
    Manufacturers should do that and not only they. It is not about scaring people, but reliable information about pros and cons.

    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    I think that losing privacy is a more significant threat than we suppose.

    Replies
    1. Thanks a lot for sharing your thoughts. I agree that it is essential especially in terms of our privacy.

  18. This comment has been removed by the author.

  19. Security of IoT and not only IoT toys is absolutely noteworthy. There are many traps that many of us probably are not even aware of. I'm not an expert but I heard that previous generations of the Bluetooth protocol were very easy to hack. Now that IoT becomes more popular and devices collect even more personal data the topic should gain popularity.

    Of course manufacturers should inform clients about known threats in an easily understandable manner. But case studies presented in the article seemed to be more about threats that manufacturers didn't know about as they were related to bad programming decisions like storing secrets in plain text. But if there were threats like "anyone in the range of 10 meters with a smartphone can connect to a camera in your child's teddy bear" then it should be clearly stated.

    Replies
    1. There is no doubt that ensuring security is not a one-off operation. As you mentioned, after some time it turns out that the technology has previously undiscovered vulnerabilities. Without periodic updates of the software you cannot maintain a high level of security and in the situation of IoT toys it is a little complicated - who wants to take care of it...

  20. 1. Do you think this topic is noteworthy? Why?
    I think it's worth attention. Currently IoT is very popular. Many devices for home automation, offices, etc. are being built. Safety should be in the first place. Unfortunately the quality of the code implemented in IoT devices is low. This doesn't mean that all devices are poorly protected. Due to the access of such devices to the Internet it carries a number of threats, e.g. regarding our privacy.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?
    I think they should inform. The parent should be aware of the dangers of a given toy. Child safety is the most important thing. The parent should closely follow the information on the Internet about new threats regarding the toy. Vulnerabilities can cause the toy to start recording the child and the video will go online.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    Use of weak communication protocols, vulnerable encryption protocols, storage of sensitive data in an unencrypted form.

    Replies
    1. The usage of weak communication protocols, vulnerable encryption protocols or storage of sensitive data in an unencrypted form are caused because of the lack of due diligence by IoT toys manufacturers. If those toys were tested better, there would be less such problems.

  21. Do you think this topic is noteworthy? Why?
    This topic as all other that affects privacy and security is really important.

    Should toy manufacturers and sellers inform parents about existing threats? Why?
    Yes they should be obligated to do this.

    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    Identity theft, personal data theft, financial data theft.

    Replies
    1. Thank you for your answers. Good examples of threats.

  22. Do you think this topic is noteworthy? Why?
    I would like to write no, so I can avoid elaborating on it, but I can't. Privacy and security are one of the most important topics and we should always consider it and not underestimate this field.
    Should toy manufacturers and sellers inform parents about existing threats? Why?
    To fight with pedophiles, kidnappers and so on? It's probably easy to hack into the camera and get daily feeds. I wouldn't be happy to get an unsafe toy.
    What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?
    Most important ones were already mentioned, other minor ones aren't worth to mention. It's a toy in the end.

    Replies
    1. Yeah, of course, it’s just a toy. On the other hand, it can easily become a tool to hurt children…

  23. 1. Do you think this topic is noteworthy? Why?
    Of course it is, as on the one hand it is related to the subject of Children's Online Privacy Protection Rule and on the other hand, the toys are connected to the Internet and in my opinion everything that is internet-connected is somehow dangerous and this should be pointed out to people whenever possible.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?

    Of course they should. It's their obligation. It's more or less the same as with the ingredients list of food items. It has to be provided on the package and then you as customer can decide whether you want to eat it and kill your body with unhealthy stuff or not. The list is there, the choice is yours. You've been warned, you've been informed.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    The most serious one to me is collection of your personal data. I mean, why on Earth manufacturers need personal data of your children, what they are doing with it and how they are preserving it. Is it well secured or is it an easy target for all kinds of perverts and deviants?

    Replies
    1. Answering your questions: it depends on the manufacturer. As has been shown in the article, unfortunately there is a lot of vulnerability among IoT toys. So it's better to be careful about this.

  24. 1) Do you think this topic is noteworthy? Why?

    I think privacy and personal security concerns are very important, and there can almost never be enough said about them. As long as we're raising awareness and giving control of their privacy to ordinary people (and not "trusted third parties"), this is a good deed for all.

    2) Should toy manufacturers and sellers inform parents about existing threats? Why?

    Yes, but it's not always enough. There may be malevolent manufacturers, who won't inform customers about all their products' "features". They may be gathering more data than strictly necessary "just in case". Children are a vulnerable target all by themselves, but also may be a point of failure, i.e. an attack vector.

    Not everybody can detect such problems alone, so the public should be assisted by other companies (even the big ones like Google actually do support security research -- like finding weaknesses in ciphers, cryptographic hash functions, or popular implementations of data formats and protocols), scientists and community effort, like websites about security (the Polish "Niebezpiecznik" comes to mind).

    3) What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    Well, the article lists technical attacks on the toys, or their online "backends" - spoofing tokens, forging requests and extracting images (like profile picture). These are just means to more sinister ends, like stalking, espionage, blackmail and many others.

    Other threats are shared with any electronic devices - electric shock, RF exposure, swallowing small parts etc.

    Replies
    1. Stalking, espionage and blackmail are serious threats. Parents should be aware of such consequences even though they do not result directly from the use of IoT toys.

  25. Of course, that yes. Because we are talking about enormous number of devices that will work in our homes. If they won’t be safe enough it will be dangerous for all of us.
    Yes, I’ve answered on that in point one. More important is the fact that they won’t do it because if they do they won’t sell a thing.

    Replies
    1. Reality is often brutal - also in this case. If it is not imposed by law, it will be very hard to enforce notification of threats by manufacturers.


  26. 1. Do you think this topic is noteworthy? Why?

    I think this topic is very important, because the safety of children is extremely important these days, when there are many threats to the child’s integrity and proper development. Everyone should be aware of the possible threats and we should often talk about it. What’s more, nowadays generally all topics connected to privacy are crucial, so I am sure that this topic is noteworthy.

    2. Should toy manufacturers and sellers inform parents about existing threats? Why?

    I am sure that there is no other way. First of all, in the case of every product consumers must be informed about all the possible threats connected with the use of such a product. It can be extremely important in the process of deciding whether to buy some product or choose another. Moreover, in this case we are also talking about the children’s safety. Parents must have all the information about the specific toy, which can allow them to decide if this toy is adequate and – what’s more important - safe for their child before buying it.

    3. What types of threats (apart from those presented in the article) may be related to the issue of IoT toys?

    There are a lot of threats coming from IoT toys which are connected to the Internet. They can give access to the child. The most dangerous is direct access, when the hacker can use the toy’s microphone to connect with the toy and talk to the child, saying a variety of things. It can also help gain information about the child’s whereabouts, especially where they live, what they eat, like, dislike, when the parents are away from home, when and where the child is playing… All of it may make it easier to arrange contact with the child in real life, with different motivations. As mentioned in the article, in connection with the toy called Hydration Tracker, in a lot of toys which require sharing the child’s photo, it can be used by the hackers to gain such photos and then sell them to the pedophiles.


    Replies
    1. Thank you for your comment. You have the same point of view as me. I will just add that, in general, all colleagues share the view that IoT toys pose a serious threat to children and that is why this topic is worth talking about.
