Security & Privacy in Smart Toys
| Title | Security & Privacy in Smart Toys |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Valente, Junia, Cardenas, Alvaro A. |
| Conference Name | Proceedings of the 2017 Workshop on Internet of Things Security and Privacy |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5396-0 |
| Keywords | command injection attacks, composability, Metrics, pubcrawl, resilience, Resiliency |
| Abstract | We analyze the security practices of three smart toys that communicate with children through voice commands. We show the general communication architecture, and some general security and privacy practices by each of the devices. Then we focus on the analysis of one particular toy, and show how attackers can decrypt communications to and from a target device, and perhaps more worryingly, the attackers can also inject audio into the toy so the children listens to any arbitrary audio file the attacker sends to the toy. This last attack raises new safety concerns that manufacturers of smart toys should prevent. |
| URL | https://dl.acm.org/citation.cfm?doid=3139937.3139947 |
| DOI | 10.1145/3139937.3139947 |
| Citation Key | valente_security_2017 |