Abstract: |
Smart toys are becoming more and more common in many homes. As smart toys can gather data on the context of the user’s activities (e.g., voice, walking, photo, etc.) through camera, microphone, GPS and various sensors and store personalized and confidential information (e.g., location, biography information, activities pattern, etc.), security measures are required to assure their reliability, specially because they are mainly used by vulnerable users, children. In fact, several security flaws have been reported on smart toys available in the market. Security incidents include information leakage, toys used as spies and outsiders interacting with children via unauthorized connections. Some researchers have investigated smart toys vulnerabilities and risks when it comes to security issues, many of them have studied how to assure privacy policies compliance, and one researcher proposed general security requirements for smart toys. However, no work has proposed general security analysis and tests to assure security requirements have been met. In this context, this paper discusses security issues, threats and requirements in the context of smart toys and presents general security analysis and tests for smart toys, all identified based on the Microsoft Security Development Lifecycle (SDL) process. We believe this work contributes to this field by providing manufacturers, developers and researchers with a general guideline on how to handle security aspects when designing and developing smart toys. |