Internet Toys - Akademia NASK

Page created by Ruth Baldwin
 
CONTINUE READING
Internet Toys - Akademia NASK
internet
    of Toys
         A    Support     or a Threat
                             .
             to    Child’s Development

                             ,
                  Anna Rywczynska
    Przemyslaw
           - Jaroszewski

     1
Internet Toys - Akademia NASK
internet
  of Toys
     A    Support    or a Threat
                        .
         to   Child’s Development
Internet Toys - Akademia NASK
1. Introduction

Toys integrating technologies are not           world of toys. Communicative compa-
new. Embedding advanced techno-                 nions—while ensuring an attractive
logical functions, including micropro-          way of spending their time, suppor-
cessors which ensure interactivity dur-         ting education, and teaching tech-
ing play, already has a long tradition.         nologies—also introduce considera-
Talking dolls or remote-controlled              ble challenges, mainly in the context
racing cars are widely known. Such              of privacy, data protection, as well as
toys (as, for instance, AIBO dog-robot          taking into account the social context.
or Tamagotchi) were created as ear-             Since toys based on the Internet in-
ly as at the end of the 20th century.           frastructure and mobile technologies
However, smart connected toys ap-               are potentially susceptible to all pro-
pearing in recent years, as a natural           blems, involving cybercrime, they
continuation of the Internet of things          create new challenges relating to
(IoT), may revolutionise the children’s         children’s cognitive development.

    Internet of Toys constitutes one of the most dynamically develo-
    ping sectors of economy. According to the Juniper Research re-
    port1, in 2017 the total number of commercial parcels including
    smart toys was respectively (in millions):

     118.2 America
     52.5 Europe
     53.3 the rest of the world
     In China an increase by 47% is expected annually, on average,
     until 2022, which will correspond to 18% share in the global
     smart toy parcel market.

1 Juniper Research, Smart Toys: Market Summary 2017.

                                            2
Internet Toys - Akademia NASK
The problems related to Internet of               In July 2017 the FBI’s Internet Crime
things were initially related mostly to           Complaint Centre issued a warning
security of ICT networks. It was due to           on its web page. It was aimed to en-
the Internet of toys that it they became          courage consumers to consider cy-
applicable to children’s safety on-line.          ber safety before introducing smart,
In December 2016 FOSI (Family On-                 interactive, Internet-connected toys
line Safety Institute) published the              to their homes. In case of smart
document titled Kids and the Con-                 toys, many questions still should be
nected Home: Privacy in the Age of                answered, including: how the safety
Connected Dolls, Talking Dinosaurs,               of data (frequently sensitive data)
and Battling Robots in which the land-            collected by devices looks like? What
scape of the smart toy world is ana-              happens to them? How are they pro-
lysed from the viewpoint of safety and            tected? Who can access them? How
the grounds to apply the rights pro-              can another person take control of
vided for in COPPA (Children’s On-                them? Taking into account potential
line Privacy Protection Act) towards              threats that may result from the fact
toy manufacturers and suppliers of                that you have a smart toy, it seems
technologies implemented in them.                 important to make a conscious de-
The said report also presents an                  cision when buying it. We hope this
initial typology of interactive toys              guidebook will help you. Its content is
dividing them into three categories:              the result of a project realised within
• smart toys—toys containing ele-                 the framework of the NASK Nation-
   ments of ‘artificial intelligence’, i.e.       al Research Institute titled ‘Internet
   ability to learn, process information          of Toys—a Support or a Threat to
   received from a child, etc.—but                Child’s Development.’
   conducting all local analyses with-
   out sending any data to an external            The project included:
   service centre;
• connected toys—sending data                     • a pilot qualitative study in the form
   (e.g. photos, audio files) to an exter-          of interviews concerning various
   nal service centre, but not containing           attitudes and practices typical for
   elements of ‘artificial intelligence’;           people with various levels of capi-
• connected smart toys combining                    tal (economic, cultural), relating to
   the features of both abovemen-                   the use of digital devices belong-
   tioned groups; using resources                   ing to the category of the Internet
   of external service centre (where                of things (IoT), in particular con-
   the data collected by a device                   nected smart toys;
   are sent) to communicate with the              • a pilot quantitative study checking
   user.                                            the level of smart toys popularisa-

                                              3
Internet Toys - Akademia NASK
tion and the level of knowledge              correct implementation, as well as
  about their safety;                          the availability and efficacy of pro-
• tests involving selected products            tection against undesirable content.
  from the viewpoint of cyber threats
  and precautions implemented by             The aim of our guidebook is to famil-
  the vendor,                                iarise potential purchasers with the
  - including information on privacy         problems concerning smart toys. The
  and safety provided by manufac-            presented definitions of notions and
  turers before purchase and in the          phenomena, descriptions of function-
  inside packaging,                          alities and recommendations should
  - in technical terms: the types of         facilitate the use of IoT technologies
  transmitted data, place where they         at home, including interactive con-
  are stored and processed, their            nected toys.
  protection (e.g. encryption) and its

                                         4
Internet Toys - Akademia NASK
2. Children—first consumers
of new technologies

Digital      technology       nowadays               —the most quickly developing in the
constitutes an inseparable part of                   entertainment sector, but more and
everyday life and accompanies                        more frequently used in education—
almost all activities we undertake,                  or AI (Artificial Intelligence) which
either in our professional or private                is anticipated to revolutionise the
life. It is used for shopping, making                industrial world. The IoT solutions are
payments,        booking       holidays,             becoming more and more popular.
communication,          and        keep-             They make it possible to collect,
ing in touch with our friends. It is also            process, and exchange data between
part of our work, and is used to acquire             items through the computer network.
information and knowledge. Children
grow up in the environment of digital                The digital revolution phenomenon is
technology virtually from their birth                considered in the social, as well as
and the average age they start to use                educational and economic aspects,
the Internet on their own is 9–10 years              and the global economic situation is
of age. Over 93% of Polish teenagers                 simply conditioned by the information
stay practically non-stop on-line2, and              society development. Complex and
almost 80% households have access                    attentive approach to synergization
to broadband Internet3. Over the last                of technology with other spheres of
few years a dynamic growth in using                  life, and development of digital com-
mobile technologies by children and                  petences based on solid educational
teenagers has been observed. Tab-                    foundations may bring about equali-
lets and smartphones increasingly of-                sation of opportunities and standards
ten replace desktop computers. More                  of living in the society. It is thus ex-
than 30% stay on-line almost all the                 tremely important to implement tech-
time through their mobile phones4.                   nologies to children’s life in such
Social media are developing, strong-                 a manner so as they could use them
ly embedded in the mobile Internet                   to satisfy their developmental and
sphere, as well as robotics, VR/AR                   social needs—while growing up sur-
(Virtual Reality/Augmented Reality)                  rounded by digital devices. The de-

2 Survey: Nastolatki 3.0, NASK, December 2016.
3 GUS [National Statistical Office] report: Information Society in Poland in 2017.
4 Survey: Nastolatki 3.0, ibid.

                                                 5
Internet Toys - Akademia NASK
velopment of global network involves              in the brain. Nevertheless, results of
not only opportunities, but also chal-            studies5 are alarming: over 40% of
lenges concerning safety of its us-               1-year and 2-year olds in Poland use
ers. The Internet, which gives a vast             tablets or smartphones, and among
space for relationships and data ex-              these every third child uses mobile
change, may also expose users to                  devices every day or almost every
such threats as: loss of privacy, ex-             day and much longer than recom-
posure to dangerous contacts, harm-               mended. In the context of recommen-
ful content, including those calling for          dations issued by the World Health
risky behaviour and those dissemi-                Organisation, stating that children be-
nating false information (the so-called           low two years of age should not have
fake news). Internet-related risks in-            any access to devices equipped with
clude also issues concerning dys-                 screens, it is clearly observed that
functional use of the network, among              digital world enters children’s lives in
others, leading to Internet-addiction.            a revolutionary manner, and frequent-
Even properly selected information                ly this process lacks conscious man-
from the Internet may negatively im-              agement on the part of their parents.
pact child’s development, if it is in-
troduced to their world too early or              The guidebook covers a new phe-
too intensely. Children whose cogni-              nomenon in the context of children’s
tive experiences are limited only to              safety in the Internet—the interactive
screen-equipped devices that begin to             connected toys and ‘machine learn-
replace their regular plays and differ-           ing’. The issues may be divided into
ent interactions with others and per-             two main groups:
ception of the real world with all sens-
es, are even exposed to disorders in              The intersection of the groups in-
the development of neuron structures              volves the area relating to privacy,

    1. aspects rela-                                           2. aspects
     ting to technolo-                                         relating to
                                        privacy
      gical threats,                                           social threats.

5 The Use of Mobile Devices by Small Children in Poland, Millward Brown Poland for FDN, 2015.

                                              6
Internet Toys - Akademia NASK
since it may be the subject of ac-                Alone together6.
                   tions undertaken by cyber criminals,              At the same time, it is worth taking
                   who are able to create a false identity           note of an additional aspect of chil-
                   by accessing data recorded in chil-               dren’s privacy, connected with the
                   dren’s toys and use it for illegal pur-           development of the Internet of things,
                   poses. On the other hand, the toys                namely the so-called wearable tech-
                   themselves are recording various                  nologies—that is clothes and acces-
                   interactions, including conversations             sories with embedded computer and
                   between the child and the toy, and                advanced electronic technologies7.
                   make them available to parents (or                Many experts believe that8 such prod-
                   other users of the application) without           ucts, which seemingly are to increase
                   knowledge or consent of the users                 child’s safety, may as a consequence
                   (i.e. the children). The perspective of           restrict children’s privacy and person-
                   parents’ entering their child’s privacy           al freedom, at the same time encour-
                   zone was discussed during the Inter-              aging them to accept supervision.
                   net Governance Forum in 2016 by                   On the one hand, it is natural that
                   a world-famous expert in the subject,             parents want to take every opportu-
                   John Carr. In his speech he indicat-              nity to protect their children, but too
                   ed the possible impact of connected               much developed surveillance, aware-
                   toys on relationships inside families             ness of permanent monitoring on the
                   through the use of toys as substitutes            part of the parents and teachers may
                   of real participation in child’s life.            have a significant impact on young
                   This problem is also emphasised by                people’s behaviour and development.
                   Professor Sherry Turkle in her book

                                                   We should remember that children
                                                        have the right to privacy.
                                                    They need a private space to play
                                                     and develop without feeling they
                                                        are constantly monitored.
zdj. Fotolia.com

                   6 Turkle Sherry, Alone Together, Basic Books 2011.
                   7 Acquired from: https://pl.wikipedia.org/wiki/Wearables. Access from 10.02.2018.
                   8 Acquired from: https://www.theguardian.com/sustainable-business/2016/feb/05/big-mother-gps
                   -tracking-technology-threat-privacy-childhood. Access from 12.02.2018.

                                                                 7
Internet Toys - Akademia NASK
A very interesting perspective con-                   were very interesting; they wondered
cerning privacy in children’s interac-                how they could make use of them at
tion with smart toys and parents’ ap-                 all. They thought that they would be
proach to the opportunity to listen to                able to learn about their children’s
and monitor children’s conversations                  possible problems, the ones that
was described in the pilot studies                    a child did not want to talk about di-
conducted by experts from Wash-                       rectly, or to hear the words they did
ington University ‘Toys that Listen:                  not want them to use. However,
A Study of Parents, Children, and                     on the other hand, they started to
Internet-Connected Toys’. The study                   imagine their own reaction, how they
involved eight interviews with par-                   personally would feel, if they were
ents and children (aged 6–10), dur-                   recorded without their knowledge.
ing which they were introduced to the                 The web account for parents which
workings of Hello Barbie and Cogni-                   accompanies Hello Barbie even en-
Toy Dino. The parents’ observations                   ables them to publish their chilldren’s
concerning the purport of recording                   recorded conversations in a social
talks their children have with the toys               portal. And all this can happen when,

Fig. 1. Parents’ panel. On the right there are icons that enable them to publish recordings in the
social media

                                                  8
Internet Toys - Akademia NASK
in the majority of cases, the children               robot as a social being, who you can
do not realise at all that their conver-             make friends with, share secrets with,
sations with toy friends are recorded.               who has got its own intelligence. 33%
Most of the children participating in                of the children would like to give the
the interviews did not know that their               robot voting rights, and 54% of them
parents could listen to their conver-                thought it was not fair to close the ro-
sations with Barbie. One child, when                 bot in the box if the robot does not
found out that the doll recorded the                 like it. Children aged 9–12 showed
conversations, became even scared.                   a much higher tendency to personal-
One of the recommendations from                      ise the robot than 15 year olds.
the study involved the suggestion
that children should be able to listen               The studies indicated a strong ten-
to their recordings directly from the                dency on the part of children to build
doll’s ‘interface’. Everybody agreed                 an emotional relationship with smart
that manufacturers and parents had                   devices and trust them. Hence, there
to notify children about all functionali-            is an enormous threat that the child
ties of the toys.                                    may potentially interact with some-
                                                     body who is able to take control over
Social aspects of smart toys are also                the toy, using a remote communi-
related to the impact smart toys may                 cation protocol, such as Bluetooth.
potentially have on the ability to build             A stranger might also learn about
authentic interpersonal relationships                the secrets that the child shared with
by children (the ones based on, inter                a digital friend. On top of that, chil-
alia, empathy, sensitivity, responsive-              dren may be exposed to hidden
ness, attentiveness, self-knowledge,                 commercials implemented in the toy
reciprocity, interest) and9 on children’s            (e.g. Cayla doll mentions popular
cognitive development. An extremely                  snacks and sweets in its interactions
interesting perspective for these con-               with children). That is why it is very
siderations was presented in the stud-               important that parents are careful
ies10 based on an experiment involv-                 when introducing smart toys to their
ing ninety children aged 9–12 and 15.                children’s world, take care about
The study used a Japanese Robovie                    the proper balance in their social
robot. The majority of children taking               activities and protect their children’s
part in the experiment recognised the                privacy.

9 Kahn Peter H. Jr,, Shen Solace, NOC NOC, Who’s There? A New Ontological Category (NOC)
for Social Robots, in: Nancy Budwig, Elliot Turiel, and Philip David Zelazo, eds., New Perspectives
on Human Development, Cambridge University Press, 2017, p. 114.
10 Ibid., p. 106–123

                                                 9
Balance is crucial

    Potential consequences for                          Potential consequences for

                                                                                                      zdj. Fotolia.com
    cognitive development11:                            identity development:
    F support in learning:                              • impact on the perception
    • knowledge personalised                                of human–human relation-
        for the child,                                      ships in the context of man
    • incessantly updated by                                –robot relationship
        a self-learning teacher                             (Shanyang 2006)12,
    but                                                 • transcendence: smart toys
    F risk of an educational                                as a new ontological
        bubble:                                             category (Kahn et al. 2013),
    • fragmentation of knowl-                           • changes in the perception
        edge, being lost in afflu-                          of privacy,
        ence, algorithmic learning,                     • smart robots/toys as super-
    • risk of hidden marketing                              vising devices.
        effect on children

                    Potential consequences for relationship development:

            compensation for unsatisfactory relationship in the real world (e.g. Kahn et al. 2013),
                                  functional diversification of relations,
                teaching the child the master–servant relationship (e.g. Kahn et al. 2013),
                              loss of relationship authenticity (Turkle 2007).

11 Influence tables on children’s development presented at the Safer Internet Forum 2017 by dhr.
prof. dr. J. (Jochen) Peter from the Amsterdam School of Communication Research/AscorR
12 Shanyang Zhao, ‘Humanoid social robots as a medium of communication’, New Media & Soci-
ety, 2006 (3), p. 401–419.

                                                 10
3. Internet of Things

                   The so-called Internet of Things (IoT)         Vehicles also become part of the
                   is a concept in which devices of every-        Internet of Things (often connected
                   day use are connected with one an-             with fleet-management systems), as
                   other, usually in a wireless way. This         well as traffic lights, buildings and
                   allows them to exchange data and               their individual sub-systems, such
                   often provides remote control mecha-           as alarms or air-conditioning… Each
                   nisms in a full or restricted scope.           of the groups is completely different.
                                                                  In case of industrial systems, the pri-
                   Such definition is obviously very gen-         ority will be uninterrupted operation,
                   eral and consequently somewhat                 since a failure of a power plant block
                   problematic in use. First of all, the          or a sewage treatment plant may
                   spectrum of ‘things’ included in the           cause serious consequences. For the
                   Internet of Things is very wide. On the        manufacturers of TV-sets or toys the
                   one hand, we have devices used in in-          most important element will involve
                   dustrial systems: robots, smart gaug-          the implementation of new functions
                   es or switches. On the other hand,             which may attract purchasers, and
                   there are gadgets for individual con-          make it possible to build a competi-
                   sumers: watches, TV-sets, washing              tive advantage.
                   machines or, finally, toys.
                                                                  Very diverse are as well the techno-
                                                                  logical solutions used by smart de-
                                                                  vice manufacturers—starting from
                                                                  designs and computing platforms,
                                                                  through operating systems and ra-
                                                                  dio communication protocols, as well
                                                                  as ways to store and transmit data.
                                                                  For instance, for an initial configura-
                                                                  tion many consumer solutions use
                                                                  Bluetooth Low Energy, Wi-Fi Direct
                                                                  or NFC (and traditional Wi-Fi during
                                                                  normal operation), most often with
zdj. Fotolia.com

                                                                  the use of a smartphone.

                                                             11
Finally, the borderline of the Inter-            Components re-use such elements
net of Things is rather symbolic and             as network cards, BLE cards, video
fluid. Smartphones may be a good                 cameras, etc. are usually used in
example here. Basically, they should             many similar devices manufactured
be included into the group of IoT de-            by various vendors. The same ap-
vices (as, nomen est omen, ‘smart                plies to programming libraries used
telephones’). On the other hand, they            in the device’s software. In case of
constitute such mature solutions and             some cheap smart devices, products
are equipped in enormous computing               of various brands may differ from
power that we learnt to treat them as            one another basically only with cas-
a new class of portable computers,               ings and visual elements of the user’s
where using the GSM network for                  interface. Hence, finding that a fea-
voice calls is just one of all the avail-        ture is vulnerable in one of the typical
able functions.                                  elements has effects on many prod-
                                                 ucts.
Consequently, treating the Internet
of Things as a whole makes limited               Firmware updates: In order to fix an
sense in particular when talking about           error in the device’s software, a new
its technical problems. Nevertheless,            version must be published by the
below we made an attempt to high-                manufacturer, and then downloaded
light the most important classes of              and installed by the consumer. This
problems common for smart connect-               update process may be either auto-
ed devices.                                      matic or manual. In the latter case,
                                                 users have to periodically check the
Limited resources at the production              manufacturer’s webpages for firm-
stage: when designing the IoT de-                ware updates and install them on
vices, it is usually necessary to take           their own. In any case, the manu-
care about their compact size and en-            facturer must ensure that consum-
ergy efficiency. It may lead to a com-           ers can verify the patch comes from
promise between security (for exam-              a trusted source, and was not modi-
ple, using security strong cryptographic         fied in any way. Another significant
algorithms) and implementation of                problem involves the fact that the
additional functions. From the manu-             availability of possible software up-
facturer’s perspective, time is also             dates after product purchase depends
a vital resource. Any delay in marketing         on the time the producer will support
a new model of a product may mean                the product. In case the producer
losing a market share. They may be               thinks such support is not profitable, it
thus tempted to limit the tests, includ-         may turn out that we are left with the
ing the ones related to IT security.             product that will not be repaired at all.

                                            12
It is worth noting that such problems
                   basically refer to all smart devices,
                   regardless of whether they are Inter-
                   net-connected (i.e. they are elements
                   of IoT) or not.
zdj. Fotolia.com

                                                           13
4. Perception and popularity
of smart devices in Poland.
Quantitative and qualitative
studies

Almost 25 billion IoT devices are
expected to be in use globally by
202013, and in the opinion of experts
over 70% of households will be
equipped with such devices by
202514.

This dynamically developing branch
of technology becomes more and
more popular in Poland. In order to

                                                                                           zdj. Fotolia.com
determine a current distribution of

  Internet of Things, defined as
      a next stage of digital
 revolution, enters every part of
    everyday life and industry.                   smart devices in Polish households,
   We speak about IoT, among                      with a particular attention to the
     others, in terms of smart                    popularisation and knowledge about
   economy, smart city, smart                     the Internet of Toys, quantitative and
   transportation, smart health                   qualitative studies were conducted
         or smart home.                           in mid-2017 which gave a broader
                                                  overview of the perception and
                                                  spread of IoT technologies.

13 https://www.gartner.com/newsroom/id/2905717.
14 https://www.forbes.com/sites/forbestechcouncil/2017/06/06/best-smart-home-devices-and
-how-iot-is-changing-the-way-we-live/#578e929b43bd.

                                             14
Quantitative studies
The study performed with the use of Ariadna panel involv-
ing Polish Internet users across the country, composed of
 N=1051 people. Quotas reflecting population aged 18 and
over, grouped by sex, age, and town size. Period of study:
           8–11 September 2017. Method: CAWI,
                            and
The study performed with the use of Ariadna panel, involv-
ing Polish Internet users across the country, composed of
 N=1047 people. Quotas reflecting population aged 18 and
         over, grouped by sex, age, and town size.
  Period of study: 15–11 September 2017. Method: CAWI.

                  Qualitative studies
  The study performed with the use of an in-depth interview
(IDI) between July and September 2017. The interviews were
conducted in places of respondents’ residence or their tem-
porary stay. It was particularly important in order to conduct
observation studies, confront the provided information with
the situation accompanying the interview, take into account
 the information concerning popularisation and use of elec-
 tronic devices resulting from interior designs, presence of
         devices within sight during the interview etc.

24 interviews were performed with families selected accord-
ing to the guidelines of the matrix, assuming diversification
according to the place of residence, education level, number
 of children, and number of parents in the family (both par-
                   ents/sole father/mother)

                              15
Is my fridge smart?                                ring to specific functions of an appli-
                                                    ance (e.g. fast cooling of beverages),
 The quantitative studies were con-                 make their owners believe they are
 ducted twice. The first study showed               part of Internet of Things.
 the respondents had difficulties to de-
 fine items belonging to the Internet of            An example is shown in the below
 Things. It seems that marketing cam-               chart presenting answers to the first
 paigns and rhetoric describing the                 question asked in the first edition of
 devices as ‘smart’, when in fact refer-            the studies.

   Which of the following devices are in your household and have an Internet
  connection or can be connected to the Internet, i.e. they are ‘smart’ devices?

60.0%

50.0%

40.0%

30.0%

20.0%

10.0%

0.0%
                      t

                     e

                    ne

                           o

                               en

                                                    s

                                                    g

                                                     r

                                                          s

                                                                  em

                                                                                         as

                                                                                         ng

                                                                                          e

                                                                                           r
                                                                                           r
         se

                                                  te

                                                                                        he
                                                                                        ne
                                                 ht

                                                            y
                   dg

                          di

                                                tin

                                                                                       ov
                                                         to

                                                                                      er
                  hi

                               ov

                                                                                      ni
                                               ea
                          ra

                                    lig

                                                                st

                                                                                     ot
                                                                                    itu
        TV

                                               a

                                                                                   ab
                fri

               ac

                                                                                  tio
                                                                     m
                                            he

                                                              sy
                                            th

                                                                                pl
                                                                   ca
             m

                                                                               di

                                                                                e

                                                                            am
                                          e

                                                           m

                                                                             th
                                                                           on
                                        m
                  g

                                                         ar
                in

                                                                          of
                                     ho

                                                                       rc
                                                         al
              sh

                                                                       ne
                                                                       ai
             wa

                                                                            no

                                               16
The obtained answers and high pos-                               in which the first question was divided
session ratios of smart devices re-                              into two complementary questions:
quired another study to be performed,

                 Which of the following devices are in your household?
    90.0%

    80.0%

    70.0%

    60.0%

    50.0%

    40.0%

    30.0%

    20.0%

    10.0%

     0.0%
                       o

                                       r

                                              ne

                                                     e

                                                              en

                                                                     em

                                                                           ys

                                                                                       s

                                                                                                g

                                                                                                       ng

                                                                                                                as

                                                                                                                      e
                 t

                                 r
             se

                                      te
                             ne

                                                                                      ht
                      di

                                                   dg

                                                                                               in

                                                                                                                     ov
                                                                          to

                                                                                                            er
                                                                                                     ni
                                           hi

                                                           ov
                                     ea
                     ra

                                                                                     lig

                                                                                            at
                                                                     st
                            itu

                                                                                                                     ab
            TV

                                                   fri

                                                                                                    tio
                                           ac

                                                                                                            m
                                                                 sy

                                                                                           he
                                  th
                            pl

                                                                                                           ca
                                                                                                  di
                                          m

                                                                                                                 e
                       am

                                  e

                                                                 m

                                                                                                                th
                                                                                                on
                                 m

                                       g

                                                              ar
                                      in

                                                                                                                of
                             ho

                                                                                             rc
                                                            al
                                     sh

                                                                                                            ne
                                                                                            ai
                                  wa

                                                                                                           no

  And which of the devices in your household are connected to the Internet?

    60.0%

    50.0%

    40.0%

    30.0%

    20.0%

    10.0%

     0.0%
                                              o

                                              r

                                              e

                                                                          ys
                                             ne

                                                                   en

                                                                   em

                                                                                   s

                                                                                           g

                                                                                                               s
                                                                                                              ng

                                                                                                               e
               t

                                              r
             se

                                            te
                                           ne

                                                                                ht

                                                                                                             ra
                       di

                                           dg

                                                                                       in

                                                                                                            ov
                                                                        to
                                          hi

                                                                ov

                                                                                                ni
                                        ea
                     ra

                                                                               lig

                                                                                       at
                                                                st

                                                                                                           e
                                          u

                                                                                                          ab
            TV

                                      fri
                                    ac

                                                                                             tio

                                                                                                          m
                                        t

                                                              sy

                                                                                     he
                                     h
                                      i
                        pl

                                                                                                       ca
                                   t

                                 m

                                                                                             di

                                                                                                        e
                      am

                                 e

                                                            m

                                                                                                     th
                                                                                           on
                              m

                               g

                                                         ar
                            in

                                                                                                  of
                          ho

                                                                                       rc
                                                         al
                         sh

                                                                                                      ne
                                                                                      ai
                      wa

                                                                                                    no

                                                            17
As it can be observed, after ask-              relation between the fact of having
ing directly whether a given device            a smart device and having knowledge
is Internet-connected, the obtained            about other IoT devices.
data indicated a much lower distri-
bution of IoT devices in households
than resulted from the first panel.            Who buys and who makes
When analysing the data, how-                  decisions?
ever, one should also take into ac-
count the possibility indicated by             Toys are purchased by virtually all so-
the qualitative studies—namely,                cial groups, of any age. Almost 80%
that there is a situation in which re-         respondents declared that they pur-
spondents have a smart device                  chased toys, out of which 95% people
(it mainly concerns TV-sets), but they         were aged 25–34.
do not connect it to the Internet, and
use it only as a traditional TV-set. In
some cases the respondents had the              Do you buy toys for your children?
most modern smart TV on the wall of
their flat, but it was not connected to
the Internet.
                                                       90.0%
Moreover, the study showed that the
                                                       80.0%
most common holders of smart TV
(the most common smart appliance
                                                       70.0%
in Polish households) are persons
belonging to the age group 45–55,
                                                       60.0%
living in small and medium-sized
towns. People living in medium-sized
                                                       50.0%
towns (20–99 thousand inhabitants),
aged 25–44, are also the most com-                     40.0%
mon holders of smart alarm systems.
Smart toys are rather rare at present                  30.0%
and their holders are most frequently
people with higher education level,                    20.0%
aged 35–45, and living in big cities.
                                                       10.0%
Interviews with the families confirmed
the fact that people who have smart                     0.0%
devices very often are not aware
what it means. There is also no cor-
                                                                 s

                                                                      No
                                                               Ye

                                          18
Women buy toys relatively more often            for digital appliances shopping. Chil-
(80.3%) than men (76.4%), however,              dren are their advisers and motiva-
it may change with regard to digital            tors in the majority of cases. Women
toys in the future since men tend to            are mentioned as decision-makers
treat their voice more important in             only during interviews with sole moth-
the decision-making process when                ers. Additionally, there occur disput-
purchasing electronic devices. The              able situations: the spouses do not
quantitative studies confirm obser-             agree on who makes decisions about
vations from the qualitative studies.           purchases. Eventually, the argument
In the majority of cases, fathers are           to resolve the dispute was usually:
quoted as decision-making persons               who pays for the device.

Who in your household has a decisive voice when buying electronic devices?

 it's hard to say

          others

        children

         mother

          father

  wife/husband/
         partner

         myself

                    0.0%   10.0%   20.0%   30.0%      40.0%   50.0%    60.0%   70.0%

                                           19
I decided                      How we evaluate IoT
                                            technology development
     80.0%
                                            in the context of children?

     70.0%
                                            How do you rate the fact that more
     60.0%                                  and more appliances can be connect-
                                            ed to the Internet, and can be remote-
     50.0%
                                            ly managed from applications on your
     40.0%                                  smartphone, tablet, or computer?

     30.0%

     20.0%
                                             40.0%
     10.0%
                                             35.0%
      0.0%
                                             30.0%
                  e

                         e
              al

                      al
             m

                      m
             fe

                                             25.0%
Another aim of the study was to
                                             20.0%
check how the respondents feel
about development of the smart toys
                                             15.0%
market. The most positive attitude
towards IoT development was shown            10.0%
by citizens of big cities; they gave
10% more of ‘positive’ answers to             5.0%
the question: How do you perceive
the fact that more and more toys              0.0%
can be connected to the Internet?
                                                        po y
                                                              ive

                                                       ne al

                                                                 e

Neutral and positive attitudes are
                                                             sa

                                                             tiv
                                                               r
                                                            ut
                                                           sit

                                                          ga

predominant, though almost 30%
                                                      to

                                                         ne
                                                    rd

show great concerns.
                                                  ha

                                       20
The below chart shows that the                       attitude towards smart toys hope that
greatest concern involves unautho-                   they will have a positive influence
rised access to data. Interestingly,                 on children’s development, particu-
respondents thought that the lowest                  larly in the educational context, and
risk involved direct loss of money, e.g.             they believe that it is a natural con-
a bank account compromise or stolen                  sequence of digital revolution. Nev-
credit card information.                             ertheless, they also have certain
                                                     concerns, mainly related to overuse
The qualitative studies also indicated               of devices by children and the use
a rather neutral attitude towards the                of Internet as a time killer for young
development of Internet technologies                 people. The negative evaluation of
in the context of toys, whereas almost               smart toys involved mainly concerns
all of the answers were marked with                  about surveillance, loss of privacy,
certain doubts. The parents most                     and killing children’s creativity. Both
often paid attention to the issues in-               in the qualitative studies and in the
volving the protection of children’s                 quantitative studies it can be noted
privacy, a risk of access to personal                that concerns about loss of funds
data; they were afraid that such toys                (i.e. potential interception of account
may provide false emotions to their                  data, logins, passwords) are not
children and that potentially each                   mentioned as the main risk associ-
child may be exposed to dangerous                    ated with IoT devices.
contacts. People showing a positive

     What worries you the most about devices connected to the Internet?

         that someone may access
       my data without authorisation                                               27.1%

            that devices may collect                                       23.7%
         data without my knowledge

 that someone may take over control                                    20.3%
   of the device without authorisation

             that the device will stop                         16.5%
             working due to an error

             that someone may steal
                my credit card details
                                                8.5%

                                other    3.9%

                                                21
The objective of the study was also                  are not always willing to guarantee
to determine the properties which are                a longer period of toy operation.
the most important for parents when
choosing a toy. It was a multiple                    The question is to what extent atten-
choice question. As presented in the                 tion paid to safety refers to physical
chart, most respondents (65.5%) re-                  aspects of toys (the risk of swallow-
garded safety as the most important,                 ing by small children, no adequate at-
along with a large group (63.4%) who                 testations), and to what extent it will
thought its adjustment to age is de-                 also include the problems relating to
cisive. Price and child’s preferences                Internet security. It should be noted
were given the subsequent places.                    that the interviews were conducted
Almost 50% are guided by durabil-                    in Polish, where ‘security’ and ‘safety’
ity when shopping, thus, it is worth                 are described by the same word. It is
paying attention to this aspect in the               therefore hard to determine which of
context of smart toys since producers                the two the respondents had in mind.

      Which features of the toy are most important to you when deciding
                               about purchase?

     80.0%

     70.0%     65.5%
                          63.4%
     60.0%                        54.6%
                                           52.6%
     50.0%                                             47.9%

     40.0%

     30.0%

     20.0%
                                                                  10.0%
     10.0%
                                                                            5.1%
                                                                                      0.3%
      0.0%
                 ity

                              e

                                  ice

                                                e

                                                          y

                                                                                  s

                                                                                       r
                                                                             tio t

                                                                                      he
                                                         ilit

                                                                   nd
                          ag

                                              nc

                                                                          ec rne
                                                                                n
               ur

                                  pr

                                                        b

                                                                                      ot
                                          re

                                                                tre
              ec

                         's

                                                     ra

                                                                       nn te
                                          fe
                        ild

                                                                     co f In
                                                    du
             /s

                                                                nt
                                          e
                    ch
          ty

                                       pr

                                                            rre

                                                                       o
         fe

                   to

                                    's

                                                                     y
                                                          cu
        sa

                                                                     ilit
                                   ld
                  fit

                                                         to

                                                                  sib
                                     i
                                  ch

                                                      fit

                                                                   s
                                                                po

                                                22
Based on answers to the question                 with the technology. It seems like the
concerning the frequency of talks                known proverb: ‘All I know is that I
conducted with children about In-                know nothing’—the more we get to
ternet security, it may be stated that           know the Internet, the more we are
this subject is still not mentioned in           aware of the potential challenges ac-
many households (15.1%), or it is                companying the virtual world.
very rare 38.5%). Frequent talks
with children about on-line safety
are declared more frequently women               How often do you talk with your child
(51.3%), than by men (39.1%), how-               or children about the Internet safety
ever, women are considerably rarely                and the potential online threats?
decision-makers and initiators of
digital device purchases. During the
interviews, parents very often replied
that they had not talked with their
children about safety in the Internet
as they thought children knew more                       38.5%
about new technologies and parents                                       46.4%
                                                         rarely
did not keep up with it. Parents ad-                                     often
mitted they could not conduct such
talks, and that they should know
more about the subject and adjust                             15.1%
                                                              never
the scope of the talk to their children’s
age. At the same time, the majority
of respondents thought that parents
should be more responsible for their
children’s education and protection              An    alarming    fact  consistently
against on-line threats than school. It          showing in responses is that the
seems very interesting that the less             parents pay little or no attention
the respondents knew about technol-              to terms and policies regarding
ogies and digital activities of children,        products and online services they
the higher personal responsibility               buy. Most respondents unanimously
and role they saw, whereas persons               answered that—when buying digital
well familiarised with the digital world         devices, downloading applications,
and personally active Internet users             using social media or other on-line
thought that school should lead the              services—they read neither their
way in shaping digital competences,              regulations nor the privacy policy.
explaining that they could see per-              Regulations are read only in cases
sonally that parents did not keep up             when people have concerns that

                                            23
a given on-line service may involve
terms and conditions payments, but
still it is not a rule. That is why all
parents expressed the need to be
clearly informed about any function-
alities and privacy policies concern-
ing smart toys directly on the packag-
ing or even on the toys themselves.
It is worth noting that the data confirm
conclusions from the previously quot-
ed studies conducted by the Wash-
ington University during which all par-
ents who took part in the interviews
had clicked a button to agree to their
children’s use of the Hello Barbie doll
and associated services without any
hesitation or familiarising themselves
with the privacy policy.
                                                Fig. 2 Parents’ consent app for having their
Respondents would like manufac-                 child playing with Hello Barbie
tures to feel responsible for adequate
notifications to their potential cus-           of IoT technologies into child’s life,
tomers and protection of their data             starting from conscious purchase, as
required to operate the devices.                well as subsequent consistent care
Parents also appreciate all sorts of            about children’s safety in the context
guidebooks which could help them to             of protecting their privacy and social
take care about their children’s safety         development.
in the context of digital media.

Results of the studies clearly show
the need for awareness campaigns
explaining the ideas, workings,
and challenges of the Internet of
Things. Consequently, the aim of this
guidebook is primarily to describe
the technological issues of smart
devices, to present risks specific to
smart connected toys, and to offer
parents and carers tangible advice
concerning conscious introduction

                                           24
5. Smart toys under scrutiny.
Tests and analysis of the issues

As we have underlined above, this              on the server. Thanks to the fact that
guidebook is focused mainly on smart           the analysis is made outside the toy,
toys connected to the Internet. The            the toy itself does not need a high
connection usually means a certain             computing power. Nevertheless, as
type of interaction with the services          it can be easily figured out, such a
available on the server belonging              model may pose a potential threat to
to either the manufacturer or to a             our privacy.
cooperating third company. In case
of each toy, the details concerning            In order to check how secure such
the interaction may look completely            toys are in practice, we played the
differently. Usually, however, the             role of consumers and bought smart
majority of raw data collected from the        connected toys for testing.
environment are sent to be processed

Hello Barbie—a doll advertised as equipped with the function of interactive talk
and voice recognition. It is equipped with a microphone. The child’s statements
are sent to the cloud. The application on the server tries to recognise from
a list of several such as ‘yes, ‘no’, conversation topics and provides an ‘answer’
from a list of several thousands recorded phrases. The doll is recommended
for children aged 6–15.

Fig. 3 Hello Barbie doll

                                          25
Barbie Hello Dreamhouse—a smart doll house. It uses mechanisms similar to
those of Hello Barbie in order to use voice commands to activate various func-
tions of the doll house (e.g. playing the music or switching the lights on). The
toy is recommended for children aged 3–10.

Fig. 4 Barbie Hello Dreamhouse

Fisher Price Smart Toy Monkey—uses microphone, video camera, and ac-
celerometer for interactive play, responding to key words, activity cards (recog-
nition with the use of video camera) or movement (e.g. tossing up). The toy is
recommended for children aged 3–8.

Fig. 5 Fisher Price Smart Toy Monkey

                                       26
CogniToys Dinosaur—sends user’s voice messages to the server, the ap-
plication in the cloud is powered by the IBM Watson system which generates
answers in the form of natural conversations, quoting encyclopaedic data, tell-
ing jokes, singing, etc. Recommended for children over 5.

Fig. 6 Dinozaur CogniToys

Before we discuss possible prob-                 Toy configuration is usually made
lems in more detail, let us describe             with the use of a smartphone. During
the manner of operation of ‘smart                this process, we will have to provide,
connected’ toys. For all the toys we             at least, a wireless network configu-
tested it is possible to distinguish sev-        ration (name and password) which
eral stages, important from the point            will be used by the toy to establish
of view of understanding the core of             a connection in the future. The informa-
their operation:                                 tion will be recorded in the toy’s mem-
                                                 ory, though it may happen that they
Registration in the manufacturer’s/              will be then sent to the manufacturer
service provider’s server. We are                (at least one of the toys we tested
usually asked to create a user’s profile         sent the name of the wireless network
before the toy’s first use. The scope of         it used). In this way, a specific toy is
data provided at this stage varies—at            connected with the user’s profile.
least it is an e-mail address, but we
may also be asked to state the child’s           During normal use, the toy operates
name and age. The profile data is                in the following cycle:
stored on the manufacturer’s server.

                                            27
Collecting data from the user. The
toy records the sound, image or ac-
celerometer readings and sends
them to the server (sometimes par-
tially processed).

Data processing on the server.
Depending on the particular toy, for
instance, a graphic symbol analysis
or full voice recognition may be per-
formed. The software on the server
generates a response (e.g. a voice

                                                                                          zdj. Fotolia.com
message, a command for the toy to
perform a certain action that the script
version of the story told) and sends it
to the toy. So, this is what the ‘smart-
ness’ of the toy is embedded in.

Presentation of result. Playing re-
corded voice response, music, per-
forming an action etc.                          line shop. What is important, all toys
                                                require a smartphone application
                                                to be configured. The application
We are buying a smart toy                       may be unavailable for Polish users.
                                                Fortunately, the seller clearly informs
None of the toys we tested was                  about the fact on the packaging (see
available on the Polish market. We              below the last line on the application
purchased them in an American on-               accompanying Hello Barbie).

Fig. 7 Hello Barbie Application

                                           28
From the description of the toys you                  •   How does the toy exactly operate?
learn that they are interactive and                       We may ask the seller for more
smart and that they need to be con-                       information, asking for a demon-
nected to the Internet (thus they are                     stration. We may also search the
‘smart connected’). However, it is not                    Internet for consumer reviews,
easy to understand what their ‘smart-                     test results, demonstrative videos,
ness’ precisely involves, or which                        etc. It is worth remembering that
data are used by them. Some de-                           descriptions of smart toys and un-
scriptions refer the user in small print                  derstanding of some phrases (for
to the privacy policy on the manufac-                     instance, an ‘interactive talk’) may
turer’s page. So, this is to some ex-                     be different for people responsi-
tent ‘a pig in a poke’.                                   ble for marketing and for us.
                                                      •   What data does the toy collect?
                                                          Where are they stored?
                                                          Who has access to them?
                                                          We should find the answers in
                                                          the privacy policy on the manu-
                                                          facturer’s web page. There may
                                                          be an exact reference link on the
                                                          box or in the instruction manual
                                                          (often available to download from
                                                          the web page) to the document
                                                          or, at least, the main web page
                                                          address of the manufacturer.
                                                          As a last resort, we may look for
Fig. 8 Privacy issues of the Hello Barbie doll            the technical support section on
                                                          the web page and ask them for
                                                          more information.
When we unboxed the toys, we con-                     •   How are the data sent between
cluded that, after all, we were in a bet-                 the toy and the manufacturer’s
ter situation than the consumers who                      server protected?
decided to buy the toy after seeing it in                 By default we should expect the
the shop. There is hardly any informa-                    data to be encrypted. However,
tion on the packaging on how the toy                      this is not always the case. Be-
operates, not to mention the details                      sides, the encryption itself does
about technological solutions used.                       not guarantee that the data will not
                                                          be intercepted. Unfortunately, it is
What questions should be asked, in                        no use looking for exact informa-
our opinion, before we buy such toys?                     tion in any documentation provid-

                                                 29
ed with the toy. It is worth sending
    a question to the manufacturer’s
    technical support department,
    and searching for tests of the toy
    on in the Internet. Maybe some-
    one has already proved that it is
    insecure? And maybe just the op-
    posite?
•   How can the software be updat-
    ed?
    All toys tested by us automatically
    checked for updates each time               Fig.9 Information on the toy updates
    they were switched on. However,
    we did not find any information
                                                If we manage to collect all, or—at
    about that in the instruction man-
                                                least—most of the answers, we
    uals. Thus, it is worth asking the
                                                should consider possible risks, and
    technical support team before we
                                                decide whether we consciously want
    buy the toy.
                                                to purchase the toy.
•   How long will the product be
    supported?
    The producer may stop providing             We have the toy
    updates any time, which means
    that any possible errors will not           Some toys process only a very limited
    be removed. Worse still, the                set of data. In this case, we may only
    server itself, which is responsible         be afraid that somebody may modi-
    for the toy ‘smartness’, may be             fy the software in such a way that a
    switched off, which will make the           video camera, a microphone or a mo-
    toy almost useless. In the case             tion sensor may record more than the
    of one of the toys we bought,               producer assumed (Is the toy sec-
    such information can be found               ond-hand? Do we trust the seller?).
    in its marketing materials. How-            Some other toys send a complete set
    ever, it is easy to be overlooked.          of records of conversations between
    We even did not find it on the              the child and the toy to the manufac-
    box!                                        turer, and—apart from the record-
                                                ings—also their transcriptions are
                                                stored that may be used for machine
                                                analyses. In such a scenario, it is ex-
                                                tremely important to encrypt the data
                                                for transmission, as well as to protect

                                           30
them against unauthorised access               necessary to create an account on
                   by third parties while stored. In other        the manufacturer’s web page at the
                   words, we need to have confidence in           first use. At this stage we had to ac-
                   the service provider contents and in           cept all terms and conditions includ-
                   his technical competences.                     ing the privacy policy. Though we tend
                                                                  to skip such messages with a quick
                   It is worth noting that all toys we            ‘Next’, in this case we recommend to
                   tested were addressed for English-             read the documents carefully. They
                                                                  describe what data are collected,
                                                                  who can process them and for what
                                                                  purpose. In the most extreme cases,
                                                                  the manufacturer declared disclosing
                                                                  of all data (including recordings of the
                                                                  child’s conversations with the toy) to
                                                                  third parties, almost without any limi-
                                                                  tations. You will find a wide analysis
                                                                  of this issue further in this guidebook.

                                                                  The installed application is used to
zdj. Fotolia.com

                                                                  pre-configure the toy. In particular, to
                                                                  set the access data to a wireless net-
                                                                  work and to connect the toy with the
                                                                  user’s account. Wi-Fi Direct or Blue-
                   speaking customers. It is very                 tooth are most often used to connect
                   important in particular in the scope           the toy. In both cases the connection
                   of the voice recognition function.             is established without any authorisa-
                   In our tests the algorithms did                tion on the part of the toy; it does not
                   not cope very well with this task              require any PIN or password. Con-
                   (even during ‘conversations’ with              sequently, we recommend that the
                   a native speaker). It may pose even            initial connection and setup shall be
                   a greater problem of children’s frus-          performed in a place where there is
                   tration as their pronunciation is natu-        no risk that an unauthorised person
                   rally less clear and the language—             will intercept the connection for ill pur-
                   less correct.                                  poses. It should be noted that the use
                                                                  of application is usually only required
                   The first task we had to complete be-          to configure and reconfigure the toy
                   fore we started using each of the toys         (e.g. when adding a new Wi-Fi net-
                   was to install and start the dedicated         work). Once configured, a toy will op-
                   application on a smartphone. It was            erate independently as long as it can

                                                             31
connect to a known Wi-Fi network.              the software for the doll. Unfortunate-
The place where the toy is used is             ly, in one of the toys the encryption
also of importance, exactly due to the         was poorly implemented and not all
Wi-Fi networks that the toy ‘remem-            the data were protected. In particular,
bers’ since the toy will connect to any        it was possible to install a fabricated
Wi-Fi network which will have identi-          update. On the other hand, a properly
cal configuration (name, security pro-         used and adequately strong encryp-
tocol, password)—even if it is broad-          tion prevents us from checking what
casted e.g. by a malicious neighbour.          data are collected by the toy only on
Anyone in control of a Wi-Fi device            the basis of the analysis of traffic bet-
to which the toy gets connected may            ween the toy and the server.
redirect the communication between
the toy and vendor’s server, poten-            All the toys we tested are equipped
tially eavesdropping or modifying it.          with the automatic updating mecha-
The same risk applies when we con-             nism. When connected to the Wi-Fi
sciously use public networks if we             network, they check the manufac-
do not know who administers such               turer’s website for the most recent
networks, or whether they have been            available software updates, down-
intercepted.                                   load, and install them if required.
                                               As we mentioned above, it is extreme-
In order to protect the user’s priva-          ly important that the cryptographic
cy and ensure that the data is sent            mechanisms ensure that updates
to the proper server, manufacturers            are actually a safe source. An unau-
may apply cryptography, for instance           thorised change in the toy’s software
by using the popular SSL/TLS proto-            might result in any use of periph-
cols. During the tests we checked if           eral devices the toy is equipped with
this is the case. The majority of toys         (i.e., first of all, a microphone or
passed the test with no reservations,          a video camera) and transfer of data
not only encrypting the transfer, but          to any server, without any control.
also verifying whether the other party
indeed belongs to the manufacturer             It is worth emphasising that all toys we
and, consequently, refusing to com-            tested collect data only in response to
municate with the substitute server            the user’s conscious interaction (typi-
we provided. It was also the case with         cally a push of a button). This is good
Hello Barbie doll which was declared           news since it means that the toys are
in 2013 as susceptible to such a type          not ‘listening’ all the time and they do
of attacks. It means that producers            not send data to the manufacturer if
have obviously removed the problem             we do not wish so, or if we are not
and ensured an adequate update of              aware.

                                          32
toy is not connected to the network
We also posed a question whether                 (for instance, the messages greeting
the ‘smartness’ of the toys may be               the child or notifying about errors).
used against the child, for example,
by teaching them an aggressive or                ‘Smart’ toys are nothing more than
vulgar behaviour. In case of the ma-             electronic devices adjusted to com-
jority of the toys, the answer turned            municate with the outer world through
out to be very simple, due to their lim-         embedded sensors (e.g. a micro-
ited ability to interact and no possibil-        phone or a video camera), as well
ity to generate messages outside the             as with the Internet through standard
scope of pre-defined scripts (even if            network interfaces (e.g. Wi-Fi, Blue
the script included over 8000 phras-             Tooth).
es, as was the case of Hello Barbie).
As far as CogniToys Dino is con-                 One of many aspects concerning the
cerned, the potential seemed to be               broadly understood safety of ‘smart
higher because it uses the IBM Wat-              toys’ is the possibility to get a physical
son system and generates responses               access to elements responsible for
based on an extended (and probably               communication or data storage. This
constantly broadened) knowledge                  is especially applicable when such
base. However, the producer took                 a toy originates from the secondary
care of unsuitable content filters, ei-          market. On the other hand, when
ther by limiting access to undesirable
content or responding adequately to
any attempts of the testing persons’
‘unsuitable behaviour’.

Physical safety of the toy

Another way of ‘attacking’ a smart
toy is through a physical access to its
systems and an attempt to recover or
                                                                                   zdj. Fotolia.com

modify data and software. The data
recorded by the toy include names
and passwords to Wi-Fi networks or
the user’s account data. In turn, apart
from the software itself, the elements
such as audio messages may be
modified that are available when the

                                            33
the toy has been lost or stolen, the         functional elements (see Fig. 11):
new owner might retrieve sensitive           A wireless network module—Azure-
data from the device. There is also          Wave AW­CU300E 802.11 b/g/n,
a possibility that somebody may              1. Memory storing the software and
insert additional functions to the               all data—Gigadevice GD25Q16
toy,   enabling—for     instance—to              16Mbit SPI Flash,
eavesdrop children during their play         2. An audio module responsible for
or household members who are                     processing signals from the micro-
within the scope of the embedded                 phone and sound reproduction—
video camera or microphone.                      Nuvoton NAU8810 24­bit.

Hello Barbie

It seemingly does not differ from the
other dolls of the producer, however,

                                             Fig. 11 Opened Hello Barbie doll

                                             Should anyone unauthorised have
                                             physical access to the doll, the most
                                             exposed element is the memory
                                             because all its content can be read.
                                             During the analysis it was shown that
                                             in order to read the whole memory
                                             content, it is enough to solder out the
                                             element and read it with the use of
                                             a reader. The memory is divided into
                                             sections due to its functional areas.

Fig.10 Hello Barbie with accessories.        •    Section no. 1 includes the so-
                                                  called Boot loader which enables
it is equipped with a docking station             the toy’s software to run.
and a charger (see Fig. 10).                 •    Section no. 2 contains configu-
When we undress and open                          ration of the toll with relevant
the doll, we can see a printed                    credentials for a Wi-Fi network.
circuit board and identify all                    It is worth noting that it was not

                                        34
to purchase it—they should check
     possible to read the data, be-                     whether the doll had not been opened
     cause they were encrypted.                         before. In the case of Hello Barbie doll,
•    Section no. 3 contains the soft-                   the majority of physical interference
     ware to control the doll.                          attempts should leave some traces.
•    Section no. 4 contains software                    The easiest way to check it is by
     for a Wi-Fi module.                                looking at the cracks where two parts
•    Section no. 5 contains all audio                   of the doll come into contact with each
     files used offline.                                other. Since the doll is to a certain
                                                        degree glued inside, the access to its
We do not have an easy access to                        interior part requires some physical
sensitive data recorded in the doll’s                   strength which normally leaves
memory. Difficult, onerous, and re-                     traces on the edges (see Fig. 12).
quiring specialised knowledge modi-
fication of the software or audio files                 Photos of Hello Barbie were taken form: https://
                                                        fccid.io/PIYDKF74-15A5W and
recorded in the memory is still pos-                    http://somersetrecon.com/s/HelloBarbieSecuri-
sible.                                                  tyAnalysis.pdf.

Doll users should be forewarned that                    Dream House
they should be very careful when
buying the toy on the secondary                         A smart home made by the same
market, and—if they still decided                       producer as the Hello Barbie doll. Af-
                                                        ter opening we can see two printed
                                                        circuit boards out of which the green
                                                        one is worth analysing (see Fig. 13).
                                                        At the first glance, it looks similarly as
                                                        the circuit board from the Hello Bar-
                                                        bie doll.

                                                        We can identify the same functional
                                                        blocks on the board as in the case
                                                        of the Hello Barbie doll. Figure 14
                                                        shows the individual modules:
                                                        1. A wireless network module,
                                                        2. Memory storing the software and
                                                            all data—Winbond W25Q128FV,
Fig. 12 Traces left when a Hello Barbie doll has        3. An audio module responsible
been opened                                                 for processing signals from

                                                   35
You can also read