Security Tests for Smart Toys

Luciano Gonçalves de Carvalho, Marcelo Medeiros Eler

2018

Abstract

Smart toys are becoming more and more common in many homes. As smart toys can gather data on the context of the user’s activities (e.g., voice, walking, photo, etc.) through camera, microphone, GPS and various sensors and store personalized and confidential information (e.g., location, biography information, activities pattern, etc.), security measures are required to assure their reliability, specially because they are mainly used by vulnerable users, children. In fact, several security flaws have been reported on smart toys available in the market. Security incidents include information leakage, toys used as spies and outsiders interacting with children via unauthorized connections. Some researchers have investigated smart toys vulnerabilities and risks when it comes to security issues, many of them have studied how to assure privacy policies compliance, and one researcher proposed general security requirements for smart toys. However, no work has proposed general security analysis and tests to assure security requirements have been met. In this context, this paper discusses security issues, threats and requirements in the context of smart toys and presents general security analysis and tests for smart toys, all identified based on the Microsoft Security Development Lifecycle (SDL) process. We believe this work contributes to this field by providing manufacturers, developers and researchers with a general guideline on how to handle security aspects when designing and developing smart toys.

Download


Paper Citation


in Harvard Style

Gonçalves de Carvalho L. and Medeiros Eler M. (2018). Security Tests for Smart Toys.In Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-298-1, pages 111-120. DOI: 10.5220/0006776101110120


in Bibtex Style

@conference{iceis18,
author={Luciano Gonçalves de Carvalho and Marcelo Medeiros Eler},
title={Security Tests for Smart Toys},
booktitle={Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2018},
pages={111-120},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006776101110120},
isbn={978-989-758-298-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Security Tests for Smart Toys
SN - 978-989-758-298-1
AU - Gonçalves de Carvalho L.
AU - Medeiros Eler M.
PY - 2018
SP - 111
EP - 120
DO - 10.5220/0006776101110120