Security and Privacy Analyses of Internet of Things Children's Toys

Gordon Chu, Noah Apthorpe, Nick Feamster

Research output: Contribution to journal | Article | peer-review

54 Scopus citations


This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule as well as the toys' individual privacy policies. These vulnerabilities, especially security flaws in network communications with first-party servers, are indicative of a disconnect between many Internet of Things toy developers and security and privacy best practices despite increased attention to Internet-connected toy hacking risks.

Original language: English (US)
Article number: 8443103
Pages (from-to): 978-985
Number of pages: 8
Journal: IEEE Internet of Things Journal
Issue number: 1
State: Published - Feb 2019

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications


  • Data security
  • Internet of Things (IoT)
  • privacy

