Internet Toys - Akademia NASK
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
internet of Toys A Support or a Threat . to Child’s Development , Anna Rywczynska Przemyslaw - Jaroszewski 1
1. Introduction Toys integrating technologies are not world of toys. Communicative compa- new. Embedding advanced techno- nions—while ensuring an attractive logical functions, including micropro- way of spending their time, suppor- cessors which ensure interactivity dur- ting education, and teaching tech- ing play, already has a long tradition. nologies—also introduce considera- Talking dolls or remote-controlled ble challenges, mainly in the context racing cars are widely known. Such of privacy, data protection, as well as toys (as, for instance, AIBO dog-robot taking into account the social context. or Tamagotchi) were created as ear- Since toys based on the Internet in- ly as at the end of the 20th century. frastructure and mobile technologies However, smart connected toys ap- are potentially susceptible to all pro- pearing in recent years, as a natural blems, involving cybercrime, they continuation of the Internet of things create new challenges relating to (IoT), may revolutionise the children’s children’s cognitive development. Internet of Toys constitutes one of the most dynamically develo- ping sectors of economy. According to the Juniper Research re- port1, in 2017 the total number of commercial parcels including smart toys was respectively (in millions): 118.2 America 52.5 Europe 53.3 the rest of the world In China an increase by 47% is expected annually, on average, until 2022, which will correspond to 18% share in the global smart toy parcel market. 1 Juniper Research, Smart Toys: Market Summary 2017. 2
The problems related to Internet of In July 2017 the FBI’s Internet Crime things were initially related mostly to Complaint Centre issued a warning security of ICT networks. It was due to on its web page. It was aimed to en- the Internet of toys that it they became courage consumers to consider cy- applicable to children’s safety on-line. ber safety before introducing smart, In December 2016 FOSI (Family On- interactive, Internet-connected toys line Safety Institute) published the to their homes. In case of smart document titled Kids and the Con- toys, many questions still should be nected Home: Privacy in the Age of answered, including: how the safety Connected Dolls, Talking Dinosaurs, of data (frequently sensitive data) and Battling Robots in which the land- collected by devices looks like? What scape of the smart toy world is ana- happens to them? How are they pro- lysed from the viewpoint of safety and tected? Who can access them? How the grounds to apply the rights pro- can another person take control of vided for in COPPA (Children’s On- them? Taking into account potential line Privacy Protection Act) towards threats that may result from the fact toy manufacturers and suppliers of that you have a smart toy, it seems technologies implemented in them. important to make a conscious de- The said report also presents an cision when buying it. We hope this initial typology of interactive toys guidebook will help you. Its content is dividing them into three categories: the result of a project realised within • smart toys—toys containing ele- the framework of the NASK Nation- ments of ‘artificial intelligence’, i.e. al Research Institute titled ‘Internet ability to learn, process information of Toys—a Support or a Threat to received from a child, etc.—but Child’s Development.’ conducting all local analyses with- out sending any data to an external The project included: service centre; • connected toys—sending data • a pilot qualitative study in the form (e.g. photos, audio files) to an exter- of interviews concerning various nal service centre, but not containing attitudes and practices typical for elements of ‘artificial intelligence’; people with various levels of capi- • connected smart toys combining tal (economic, cultural), relating to the features of both abovemen- the use of digital devices belong- tioned groups; using resources ing to the category of the Internet of external service centre (where of things (IoT), in particular con- the data collected by a device nected smart toys; are sent) to communicate with the • a pilot quantitative study checking user. the level of smart toys popularisa- 3
tion and the level of knowledge correct implementation, as well as about their safety; the availability and efficacy of pro- • tests involving selected products tection against undesirable content. from the viewpoint of cyber threats and precautions implemented by The aim of our guidebook is to famil- the vendor, iarise potential purchasers with the - including information on privacy problems concerning smart toys. The and safety provided by manufac- presented definitions of notions and turers before purchase and in the phenomena, descriptions of function- inside packaging, alities and recommendations should - in technical terms: the types of facilitate the use of IoT technologies transmitted data, place where they at home, including interactive con- are stored and processed, their nected toys. protection (e.g. encryption) and its 4
2. Children—first consumers of new technologies Digital technology nowadays —the most quickly developing in the constitutes an inseparable part of entertainment sector, but more and everyday life and accompanies more frequently used in education— almost all activities we undertake, or AI (Artificial Intelligence) which either in our professional or private is anticipated to revolutionise the life. It is used for shopping, making industrial world. The IoT solutions are payments, booking holidays, becoming more and more popular. communication, and keep- They make it possible to collect, ing in touch with our friends. It is also process, and exchange data between part of our work, and is used to acquire items through the computer network. information and knowledge. Children grow up in the environment of digital The digital revolution phenomenon is technology virtually from their birth considered in the social, as well as and the average age they start to use educational and economic aspects, the Internet on their own is 9–10 years and the global economic situation is of age. Over 93% of Polish teenagers simply conditioned by the information stay practically non-stop on-line2, and society development. Complex and almost 80% households have access attentive approach to synergization to broadband Internet3. Over the last of technology with other spheres of few years a dynamic growth in using life, and development of digital com- mobile technologies by children and petences based on solid educational teenagers has been observed. Tab- foundations may bring about equali- lets and smartphones increasingly of- sation of opportunities and standards ten replace desktop computers. More of living in the society. It is thus ex- than 30% stay on-line almost all the tremely important to implement tech- time through their mobile phones4. nologies to children’s life in such Social media are developing, strong- a manner so as they could use them ly embedded in the mobile Internet to satisfy their developmental and sphere, as well as robotics, VR/AR social needs—while growing up sur- (Virtual Reality/Augmented Reality) rounded by digital devices. The de- 2 Survey: Nastolatki 3.0, NASK, December 2016. 3 GUS [National Statistical Office] report: Information Society in Poland in 2017. 4 Survey: Nastolatki 3.0, ibid. 5
velopment of global network involves in the brain. Nevertheless, results of not only opportunities, but also chal- studies5 are alarming: over 40% of lenges concerning safety of its us- 1-year and 2-year olds in Poland use ers. The Internet, which gives a vast tablets or smartphones, and among space for relationships and data ex- these every third child uses mobile change, may also expose users to devices every day or almost every such threats as: loss of privacy, ex- day and much longer than recom- posure to dangerous contacts, harm- mended. In the context of recommen- ful content, including those calling for dations issued by the World Health risky behaviour and those dissemi- Organisation, stating that children be- nating false information (the so-called low two years of age should not have fake news). Internet-related risks in- any access to devices equipped with clude also issues concerning dys- screens, it is clearly observed that functional use of the network, among digital world enters children’s lives in others, leading to Internet-addiction. a revolutionary manner, and frequent- Even properly selected information ly this process lacks conscious man- from the Internet may negatively im- agement on the part of their parents. pact child’s development, if it is in- troduced to their world too early or The guidebook covers a new phe- too intensely. Children whose cogni- nomenon in the context of children’s tive experiences are limited only to safety in the Internet—the interactive screen-equipped devices that begin to connected toys and ‘machine learn- replace their regular plays and differ- ing’. The issues may be divided into ent interactions with others and per- two main groups: ception of the real world with all sens- es, are even exposed to disorders in The intersection of the groups in- the development of neuron structures volves the area relating to privacy, 1. aspects rela- 2. aspects ting to technolo- relating to privacy gical threats, social threats. 5 The Use of Mobile Devices by Small Children in Poland, Millward Brown Poland for FDN, 2015. 6
since it may be the subject of ac- Alone together6. tions undertaken by cyber criminals, At the same time, it is worth taking who are able to create a false identity note of an additional aspect of chil- by accessing data recorded in chil- dren’s privacy, connected with the dren’s toys and use it for illegal pur- development of the Internet of things, poses. On the other hand, the toys namely the so-called wearable tech- themselves are recording various nologies—that is clothes and acces- interactions, including conversations sories with embedded computer and between the child and the toy, and advanced electronic technologies7. make them available to parents (or Many experts believe that8 such prod- other users of the application) without ucts, which seemingly are to increase knowledge or consent of the users child’s safety, may as a consequence (i.e. the children). The perspective of restrict children’s privacy and person- parents’ entering their child’s privacy al freedom, at the same time encour- zone was discussed during the Inter- aging them to accept supervision. net Governance Forum in 2016 by On the one hand, it is natural that a world-famous expert in the subject, parents want to take every opportu- John Carr. In his speech he indicat- nity to protect their children, but too ed the possible impact of connected much developed surveillance, aware- toys on relationships inside families ness of permanent monitoring on the through the use of toys as substitutes part of the parents and teachers may of real participation in child’s life. have a significant impact on young This problem is also emphasised by people’s behaviour and development. Professor Sherry Turkle in her book We should remember that children have the right to privacy. They need a private space to play and develop without feeling they are constantly monitored. zdj. Fotolia.com 6 Turkle Sherry, Alone Together, Basic Books 2011. 7 Acquired from: https://pl.wikipedia.org/wiki/Wearables. Access from 10.02.2018. 8 Acquired from: https://www.theguardian.com/sustainable-business/2016/feb/05/big-mother-gps -tracking-technology-threat-privacy-childhood. Access from 12.02.2018. 7
A very interesting perspective con- were very interesting; they wondered cerning privacy in children’s interac- how they could make use of them at tion with smart toys and parents’ ap- all. They thought that they would be proach to the opportunity to listen to able to learn about their children’s and monitor children’s conversations possible problems, the ones that was described in the pilot studies a child did not want to talk about di- conducted by experts from Wash- rectly, or to hear the words they did ington University ‘Toys that Listen: not want them to use. However, A Study of Parents, Children, and on the other hand, they started to Internet-Connected Toys’. The study imagine their own reaction, how they involved eight interviews with par- personally would feel, if they were ents and children (aged 6–10), dur- recorded without their knowledge. ing which they were introduced to the The web account for parents which workings of Hello Barbie and Cogni- accompanies Hello Barbie even en- Toy Dino. The parents’ observations ables them to publish their chilldren’s concerning the purport of recording recorded conversations in a social talks their children have with the toys portal. And all this can happen when, Fig. 1. Parents’ panel. On the right there are icons that enable them to publish recordings in the social media 8
in the majority of cases, the children robot as a social being, who you can do not realise at all that their conver- make friends with, share secrets with, sations with toy friends are recorded. who has got its own intelligence. 33% Most of the children participating in of the children would like to give the the interviews did not know that their robot voting rights, and 54% of them parents could listen to their conver- thought it was not fair to close the ro- sations with Barbie. One child, when bot in the box if the robot does not found out that the doll recorded the like it. Children aged 9–12 showed conversations, became even scared. a much higher tendency to personal- One of the recommendations from ise the robot than 15 year olds. the study involved the suggestion that children should be able to listen The studies indicated a strong ten- to their recordings directly from the dency on the part of children to build doll’s ‘interface’. Everybody agreed an emotional relationship with smart that manufacturers and parents had devices and trust them. Hence, there to notify children about all functionali- is an enormous threat that the child ties of the toys. may potentially interact with some- body who is able to take control over Social aspects of smart toys are also the toy, using a remote communi- related to the impact smart toys may cation protocol, such as Bluetooth. potentially have on the ability to build A stranger might also learn about authentic interpersonal relationships the secrets that the child shared with by children (the ones based on, inter a digital friend. On top of that, chil- alia, empathy, sensitivity, responsive- dren may be exposed to hidden ness, attentiveness, self-knowledge, commercials implemented in the toy reciprocity, interest) and9 on children’s (e.g. Cayla doll mentions popular cognitive development. An extremely snacks and sweets in its interactions interesting perspective for these con- with children). That is why it is very siderations was presented in the stud- important that parents are careful ies10 based on an experiment involv- when introducing smart toys to their ing ninety children aged 9–12 and 15. children’s world, take care about The study used a Japanese Robovie the proper balance in their social robot. The majority of children taking activities and protect their children’s part in the experiment recognised the privacy. 9 Kahn Peter H. Jr,, Shen Solace, NOC NOC, Who’s There? A New Ontological Category (NOC) for Social Robots, in: Nancy Budwig, Elliot Turiel, and Philip David Zelazo, eds., New Perspectives on Human Development, Cambridge University Press, 2017, p. 114. 10 Ibid., p. 106–123 9
Balance is crucial Potential consequences for Potential consequences for zdj. Fotolia.com cognitive development11: identity development: F support in learning: • impact on the perception • knowledge personalised of human–human relation- for the child, ships in the context of man • incessantly updated by –robot relationship a self-learning teacher (Shanyang 2006)12, but • transcendence: smart toys F risk of an educational as a new ontological bubble: category (Kahn et al. 2013), • fragmentation of knowl- • changes in the perception edge, being lost in afflu- of privacy, ence, algorithmic learning, • smart robots/toys as super- • risk of hidden marketing vising devices. effect on children Potential consequences for relationship development: compensation for unsatisfactory relationship in the real world (e.g. Kahn et al. 2013), functional diversification of relations, teaching the child the master–servant relationship (e.g. Kahn et al. 2013), loss of relationship authenticity (Turkle 2007). 11 Influence tables on children’s development presented at the Safer Internet Forum 2017 by dhr. prof. dr. J. (Jochen) Peter from the Amsterdam School of Communication Research/AscorR 12 Shanyang Zhao, ‘Humanoid social robots as a medium of communication’, New Media & Soci- ety, 2006 (3), p. 401–419. 10
3. Internet of Things The so-called Internet of Things (IoT) Vehicles also become part of the is a concept in which devices of every- Internet of Things (often connected day use are connected with one an- with fleet-management systems), as other, usually in a wireless way. This well as traffic lights, buildings and allows them to exchange data and their individual sub-systems, such often provides remote control mecha- as alarms or air-conditioning… Each nisms in a full or restricted scope. of the groups is completely different. In case of industrial systems, the pri- Such definition is obviously very gen- ority will be uninterrupted operation, eral and consequently somewhat since a failure of a power plant block problematic in use. First of all, the or a sewage treatment plant may spectrum of ‘things’ included in the cause serious consequences. For the Internet of Things is very wide. On the manufacturers of TV-sets or toys the one hand, we have devices used in in- most important element will involve dustrial systems: robots, smart gaug- the implementation of new functions es or switches. On the other hand, which may attract purchasers, and there are gadgets for individual con- make it possible to build a competi- sumers: watches, TV-sets, washing tive advantage. machines or, finally, toys. Very diverse are as well the techno- logical solutions used by smart de- vice manufacturers—starting from designs and computing platforms, through operating systems and ra- dio communication protocols, as well as ways to store and transmit data. For instance, for an initial configura- tion many consumer solutions use Bluetooth Low Energy, Wi-Fi Direct or NFC (and traditional Wi-Fi during normal operation), most often with zdj. Fotolia.com the use of a smartphone. 11
Finally, the borderline of the Inter- Components re-use such elements net of Things is rather symbolic and as network cards, BLE cards, video fluid. Smartphones may be a good cameras, etc. are usually used in example here. Basically, they should many similar devices manufactured be included into the group of IoT de- by various vendors. The same ap- vices (as, nomen est omen, ‘smart plies to programming libraries used telephones’). On the other hand, they in the device’s software. In case of constitute such mature solutions and some cheap smart devices, products are equipped in enormous computing of various brands may differ from power that we learnt to treat them as one another basically only with cas- a new class of portable computers, ings and visual elements of the user’s where using the GSM network for interface. Hence, finding that a fea- voice calls is just one of all the avail- ture is vulnerable in one of the typical able functions. elements has effects on many prod- ucts. Consequently, treating the Internet of Things as a whole makes limited Firmware updates: In order to fix an sense in particular when talking about error in the device’s software, a new its technical problems. Nevertheless, version must be published by the below we made an attempt to high- manufacturer, and then downloaded light the most important classes of and installed by the consumer. This problems common for smart connect- update process may be either auto- ed devices. matic or manual. In the latter case, users have to periodically check the Limited resources at the production manufacturer’s webpages for firm- stage: when designing the IoT de- ware updates and install them on vices, it is usually necessary to take their own. In any case, the manu- care about their compact size and en- facturer must ensure that consum- ergy efficiency. It may lead to a com- ers can verify the patch comes from promise between security (for exam- a trusted source, and was not modi- ple, using security strong cryptographic fied in any way. Another significant algorithms) and implementation of problem involves the fact that the additional functions. From the manu- availability of possible software up- facturer’s perspective, time is also dates after product purchase depends a vital resource. Any delay in marketing on the time the producer will support a new model of a product may mean the product. In case the producer losing a market share. They may be thinks such support is not profitable, it thus tempted to limit the tests, includ- may turn out that we are left with the ing the ones related to IT security. product that will not be repaired at all. 12
It is worth noting that such problems basically refer to all smart devices, regardless of whether they are Inter- net-connected (i.e. they are elements of IoT) or not. zdj. Fotolia.com 13
4. Perception and popularity of smart devices in Poland. Quantitative and qualitative studies Almost 25 billion IoT devices are expected to be in use globally by 202013, and in the opinion of experts over 70% of households will be equipped with such devices by 202514. This dynamically developing branch of technology becomes more and more popular in Poland. In order to zdj. Fotolia.com determine a current distribution of Internet of Things, defined as a next stage of digital revolution, enters every part of everyday life and industry. smart devices in Polish households, We speak about IoT, among with a particular attention to the others, in terms of smart popularisation and knowledge about economy, smart city, smart the Internet of Toys, quantitative and transportation, smart health qualitative studies were conducted or smart home. in mid-2017 which gave a broader overview of the perception and spread of IoT technologies. 13 https://www.gartner.com/newsroom/id/2905717. 14 https://www.forbes.com/sites/forbestechcouncil/2017/06/06/best-smart-home-devices-and -how-iot-is-changing-the-way-we-live/#578e929b43bd. 14
Quantitative studies The study performed with the use of Ariadna panel involv- ing Polish Internet users across the country, composed of N=1051 people. Quotas reflecting population aged 18 and over, grouped by sex, age, and town size. Period of study: 8–11 September 2017. Method: CAWI, and The study performed with the use of Ariadna panel, involv- ing Polish Internet users across the country, composed of N=1047 people. Quotas reflecting population aged 18 and over, grouped by sex, age, and town size. Period of study: 15–11 September 2017. Method: CAWI. Qualitative studies The study performed with the use of an in-depth interview (IDI) between July and September 2017. The interviews were conducted in places of respondents’ residence or their tem- porary stay. It was particularly important in order to conduct observation studies, confront the provided information with the situation accompanying the interview, take into account the information concerning popularisation and use of elec- tronic devices resulting from interior designs, presence of devices within sight during the interview etc. 24 interviews were performed with families selected accord- ing to the guidelines of the matrix, assuming diversification according to the place of residence, education level, number of children, and number of parents in the family (both par- ents/sole father/mother) 15
Is my fridge smart? ring to specific functions of an appli- ance (e.g. fast cooling of beverages), The quantitative studies were con- make their owners believe they are ducted twice. The first study showed part of Internet of Things. the respondents had difficulties to de- fine items belonging to the Internet of An example is shown in the below Things. It seems that marketing cam- chart presenting answers to the first paigns and rhetoric describing the question asked in the first edition of devices as ‘smart’, when in fact refer- the studies. Which of the following devices are in your household and have an Internet connection or can be connected to the Internet, i.e. they are ‘smart’ devices? 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% t e ne o en s g r s em as ng e r r se te he ne ht y dg di tin ov to er hi ov ni ea ra lig st ot itu TV a ab fri ac tio m he sy th pl ca m di e am e m th on m g ar in of ho rc al sh ne ai wa no 16
The obtained answers and high pos- in which the first question was divided session ratios of smart devices re- into two complementary questions: quired another study to be performed, Which of the following devices are in your household? 90.0% 80.0% 70.0% 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% o r ne e en em ys s g ng as e t r se te ne ht di dg in ov to er ni hi ov ea ra lig at st itu ab TV fri tio ac m sy he th pl ca di m e am e m th on m g ar in of ho rc al sh ne ai wa no And which of the devices in your household are connected to the Internet? 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% o r e ys ne en em s g s ng e t r se te ne ht ra di dg in ov to hi ov ni ea ra lig at st e u ab TV fri ac tio m t sy he h i pl ca t m di e am e m th on m g ar in of ho rc al sh ne ai wa no 17
As it can be observed, after ask- relation between the fact of having ing directly whether a given device a smart device and having knowledge is Internet-connected, the obtained about other IoT devices. data indicated a much lower distri- bution of IoT devices in households than resulted from the first panel. Who buys and who makes When analysing the data, how- decisions? ever, one should also take into ac- count the possibility indicated by Toys are purchased by virtually all so- the qualitative studies—namely, cial groups, of any age. Almost 80% that there is a situation in which re- respondents declared that they pur- spondents have a smart device chased toys, out of which 95% people (it mainly concerns TV-sets), but they were aged 25–34. do not connect it to the Internet, and use it only as a traditional TV-set. In some cases the respondents had the Do you buy toys for your children? most modern smart TV on the wall of their flat, but it was not connected to the Internet. 90.0% Moreover, the study showed that the 80.0% most common holders of smart TV (the most common smart appliance 70.0% in Polish households) are persons belonging to the age group 45–55, 60.0% living in small and medium-sized towns. People living in medium-sized 50.0% towns (20–99 thousand inhabitants), aged 25–44, are also the most com- 40.0% mon holders of smart alarm systems. Smart toys are rather rare at present 30.0% and their holders are most frequently people with higher education level, 20.0% aged 35–45, and living in big cities. 10.0% Interviews with the families confirmed the fact that people who have smart 0.0% devices very often are not aware what it means. There is also no cor- s No Ye 18
Women buy toys relatively more often for digital appliances shopping. Chil- (80.3%) than men (76.4%), however, dren are their advisers and motiva- it may change with regard to digital tors in the majority of cases. Women toys in the future since men tend to are mentioned as decision-makers treat their voice more important in only during interviews with sole moth- the decision-making process when ers. Additionally, there occur disput- purchasing electronic devices. The able situations: the spouses do not quantitative studies confirm obser- agree on who makes decisions about vations from the qualitative studies. purchases. Eventually, the argument In the majority of cases, fathers are to resolve the dispute was usually: quoted as decision-making persons who pays for the device. Who in your household has a decisive voice when buying electronic devices? it's hard to say others children mother father wife/husband/ partner myself 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 19
I decided How we evaluate IoT technology development 80.0% in the context of children? 70.0% How do you rate the fact that more 60.0% and more appliances can be connect- ed to the Internet, and can be remote- 50.0% ly managed from applications on your 40.0% smartphone, tablet, or computer? 30.0% 20.0% 40.0% 10.0% 35.0% 0.0% 30.0% e e al al m m fe 25.0% Another aim of the study was to 20.0% check how the respondents feel about development of the smart toys 15.0% market. The most positive attitude towards IoT development was shown 10.0% by citizens of big cities; they gave 10% more of ‘positive’ answers to 5.0% the question: How do you perceive the fact that more and more toys 0.0% can be connected to the Internet? po y ive ne al e Neutral and positive attitudes are sa tiv r ut sit ga predominant, though almost 30% to ne rd show great concerns. ha 20
The below chart shows that the attitude towards smart toys hope that greatest concern involves unautho- they will have a positive influence rised access to data. Interestingly, on children’s development, particu- respondents thought that the lowest larly in the educational context, and risk involved direct loss of money, e.g. they believe that it is a natural con- a bank account compromise or stolen sequence of digital revolution. Nev- credit card information. ertheless, they also have certain concerns, mainly related to overuse The qualitative studies also indicated of devices by children and the use a rather neutral attitude towards the of Internet as a time killer for young development of Internet technologies people. The negative evaluation of in the context of toys, whereas almost smart toys involved mainly concerns all of the answers were marked with about surveillance, loss of privacy, certain doubts. The parents most and killing children’s creativity. Both often paid attention to the issues in- in the qualitative studies and in the volving the protection of children’s quantitative studies it can be noted privacy, a risk of access to personal that concerns about loss of funds data; they were afraid that such toys (i.e. potential interception of account may provide false emotions to their data, logins, passwords) are not children and that potentially each mentioned as the main risk associ- child may be exposed to dangerous ated with IoT devices. contacts. People showing a positive What worries you the most about devices connected to the Internet? that someone may access my data without authorisation 27.1% that devices may collect 23.7% data without my knowledge that someone may take over control 20.3% of the device without authorisation that the device will stop 16.5% working due to an error that someone may steal my credit card details 8.5% other 3.9% 21
The objective of the study was also are not always willing to guarantee to determine the properties which are a longer period of toy operation. the most important for parents when choosing a toy. It was a multiple The question is to what extent atten- choice question. As presented in the tion paid to safety refers to physical chart, most respondents (65.5%) re- aspects of toys (the risk of swallow- garded safety as the most important, ing by small children, no adequate at- along with a large group (63.4%) who testations), and to what extent it will thought its adjustment to age is de- also include the problems relating to cisive. Price and child’s preferences Internet security. It should be noted were given the subsequent places. that the interviews were conducted Almost 50% are guided by durabil- in Polish, where ‘security’ and ‘safety’ ity when shopping, thus, it is worth are described by the same word. It is paying attention to this aspect in the therefore hard to determine which of context of smart toys since producers the two the respondents had in mind. Which features of the toy are most important to you when deciding about purchase? 80.0% 70.0% 65.5% 63.4% 60.0% 54.6% 52.6% 50.0% 47.9% 40.0% 30.0% 20.0% 10.0% 10.0% 5.1% 0.3% 0.0% ity e ice e y s r tio t he ilit nd ag nc ec rne n ur pr b ot re tre ec 's ra nn te fe ild co f In du /s nt e ch ty pr rre o fe to 's y cu sa ilit ld fit to sib i ch fit s po 22
Based on answers to the question with the technology. It seems like the concerning the frequency of talks known proverb: ‘All I know is that I conducted with children about In- know nothing’—the more we get to ternet security, it may be stated that know the Internet, the more we are this subject is still not mentioned in aware of the potential challenges ac- many households (15.1%), or it is companying the virtual world. very rare 38.5%). Frequent talks with children about on-line safety are declared more frequently women How often do you talk with your child (51.3%), than by men (39.1%), how- or children about the Internet safety ever, women are considerably rarely and the potential online threats? decision-makers and initiators of digital device purchases. During the interviews, parents very often replied that they had not talked with their children about safety in the Internet as they thought children knew more 38.5% about new technologies and parents 46.4% rarely did not keep up with it. Parents ad- often mitted they could not conduct such talks, and that they should know more about the subject and adjust 15.1% never the scope of the talk to their children’s age. At the same time, the majority of respondents thought that parents should be more responsible for their children’s education and protection An alarming fact consistently against on-line threats than school. It showing in responses is that the seems very interesting that the less parents pay little or no attention the respondents knew about technol- to terms and policies regarding ogies and digital activities of children, products and online services they the higher personal responsibility buy. Most respondents unanimously and role they saw, whereas persons answered that—when buying digital well familiarised with the digital world devices, downloading applications, and personally active Internet users using social media or other on-line thought that school should lead the services—they read neither their way in shaping digital competences, regulations nor the privacy policy. explaining that they could see per- Regulations are read only in cases sonally that parents did not keep up when people have concerns that 23
a given on-line service may involve terms and conditions payments, but still it is not a rule. That is why all parents expressed the need to be clearly informed about any function- alities and privacy policies concern- ing smart toys directly on the packag- ing or even on the toys themselves. It is worth noting that the data confirm conclusions from the previously quot- ed studies conducted by the Wash- ington University during which all par- ents who took part in the interviews had clicked a button to agree to their children’s use of the Hello Barbie doll and associated services without any hesitation or familiarising themselves with the privacy policy. Fig. 2 Parents’ consent app for having their Respondents would like manufac- child playing with Hello Barbie tures to feel responsible for adequate notifications to their potential cus- of IoT technologies into child’s life, tomers and protection of their data starting from conscious purchase, as required to operate the devices. well as subsequent consistent care Parents also appreciate all sorts of about children’s safety in the context guidebooks which could help them to of protecting their privacy and social take care about their children’s safety development. in the context of digital media. Results of the studies clearly show the need for awareness campaigns explaining the ideas, workings, and challenges of the Internet of Things. Consequently, the aim of this guidebook is primarily to describe the technological issues of smart devices, to present risks specific to smart connected toys, and to offer parents and carers tangible advice concerning conscious introduction 24
5. Smart toys under scrutiny. Tests and analysis of the issues As we have underlined above, this on the server. Thanks to the fact that guidebook is focused mainly on smart the analysis is made outside the toy, toys connected to the Internet. The the toy itself does not need a high connection usually means a certain computing power. Nevertheless, as type of interaction with the services it can be easily figured out, such a available on the server belonging model may pose a potential threat to to either the manufacturer or to a our privacy. cooperating third company. In case of each toy, the details concerning In order to check how secure such the interaction may look completely toys are in practice, we played the differently. Usually, however, the role of consumers and bought smart majority of raw data collected from the connected toys for testing. environment are sent to be processed Hello Barbie—a doll advertised as equipped with the function of interactive talk and voice recognition. It is equipped with a microphone. The child’s statements are sent to the cloud. The application on the server tries to recognise from a list of several such as ‘yes, ‘no’, conversation topics and provides an ‘answer’ from a list of several thousands recorded phrases. The doll is recommended for children aged 6–15. Fig. 3 Hello Barbie doll 25
Barbie Hello Dreamhouse—a smart doll house. It uses mechanisms similar to those of Hello Barbie in order to use voice commands to activate various func- tions of the doll house (e.g. playing the music or switching the lights on). The toy is recommended for children aged 3–10. Fig. 4 Barbie Hello Dreamhouse Fisher Price Smart Toy Monkey—uses microphone, video camera, and ac- celerometer for interactive play, responding to key words, activity cards (recog- nition with the use of video camera) or movement (e.g. tossing up). The toy is recommended for children aged 3–8. Fig. 5 Fisher Price Smart Toy Monkey 26
CogniToys Dinosaur—sends user’s voice messages to the server, the ap- plication in the cloud is powered by the IBM Watson system which generates answers in the form of natural conversations, quoting encyclopaedic data, tell- ing jokes, singing, etc. Recommended for children over 5. Fig. 6 Dinozaur CogniToys Before we discuss possible prob- Toy configuration is usually made lems in more detail, let us describe with the use of a smartphone. During the manner of operation of ‘smart this process, we will have to provide, connected’ toys. For all the toys we at least, a wireless network configu- tested it is possible to distinguish sev- ration (name and password) which eral stages, important from the point will be used by the toy to establish of view of understanding the core of a connection in the future. The informa- their operation: tion will be recorded in the toy’s mem- ory, though it may happen that they Registration in the manufacturer’s/ will be then sent to the manufacturer service provider’s server. We are (at least one of the toys we tested usually asked to create a user’s profile sent the name of the wireless network before the toy’s first use. The scope of it used). In this way, a specific toy is data provided at this stage varies—at connected with the user’s profile. least it is an e-mail address, but we may also be asked to state the child’s During normal use, the toy operates name and age. The profile data is in the following cycle: stored on the manufacturer’s server. 27
Collecting data from the user. The toy records the sound, image or ac- celerometer readings and sends them to the server (sometimes par- tially processed). Data processing on the server. Depending on the particular toy, for instance, a graphic symbol analysis or full voice recognition may be per- formed. The software on the server generates a response (e.g. a voice zdj. Fotolia.com message, a command for the toy to perform a certain action that the script version of the story told) and sends it to the toy. So, this is what the ‘smart- ness’ of the toy is embedded in. Presentation of result. Playing re- corded voice response, music, per- forming an action etc. line shop. What is important, all toys require a smartphone application to be configured. The application We are buying a smart toy may be unavailable for Polish users. Fortunately, the seller clearly informs None of the toys we tested was about the fact on the packaging (see available on the Polish market. We below the last line on the application purchased them in an American on- accompanying Hello Barbie). Fig. 7 Hello Barbie Application 28
From the description of the toys you • How does the toy exactly operate? learn that they are interactive and We may ask the seller for more smart and that they need to be con- information, asking for a demon- nected to the Internet (thus they are stration. We may also search the ‘smart connected’). However, it is not Internet for consumer reviews, easy to understand what their ‘smart- test results, demonstrative videos, ness’ precisely involves, or which etc. It is worth remembering that data are used by them. Some de- descriptions of smart toys and un- scriptions refer the user in small print derstanding of some phrases (for to the privacy policy on the manufac- instance, an ‘interactive talk’) may turer’s page. So, this is to some ex- be different for people responsi- tent ‘a pig in a poke’. ble for marketing and for us. • What data does the toy collect? Where are they stored? Who has access to them? We should find the answers in the privacy policy on the manu- facturer’s web page. There may be an exact reference link on the box or in the instruction manual (often available to download from the web page) to the document or, at least, the main web page address of the manufacturer. As a last resort, we may look for Fig. 8 Privacy issues of the Hello Barbie doll the technical support section on the web page and ask them for more information. When we unboxed the toys, we con- • How are the data sent between cluded that, after all, we were in a bet- the toy and the manufacturer’s ter situation than the consumers who server protected? decided to buy the toy after seeing it in By default we should expect the the shop. There is hardly any informa- data to be encrypted. However, tion on the packaging on how the toy this is not always the case. Be- operates, not to mention the details sides, the encryption itself does about technological solutions used. not guarantee that the data will not be intercepted. Unfortunately, it is What questions should be asked, in no use looking for exact informa- our opinion, before we buy such toys? tion in any documentation provid- 29
ed with the toy. It is worth sending a question to the manufacturer’s technical support department, and searching for tests of the toy on in the Internet. Maybe some- one has already proved that it is insecure? And maybe just the op- posite? • How can the software be updat- ed? All toys tested by us automatically checked for updates each time Fig.9 Information on the toy updates they were switched on. However, we did not find any information If we manage to collect all, or—at about that in the instruction man- least—most of the answers, we uals. Thus, it is worth asking the should consider possible risks, and technical support team before we decide whether we consciously want buy the toy. to purchase the toy. • How long will the product be supported? The producer may stop providing We have the toy updates any time, which means that any possible errors will not Some toys process only a very limited be removed. Worse still, the set of data. In this case, we may only server itself, which is responsible be afraid that somebody may modi- for the toy ‘smartness’, may be fy the software in such a way that a switched off, which will make the video camera, a microphone or a mo- toy almost useless. In the case tion sensor may record more than the of one of the toys we bought, producer assumed (Is the toy sec- such information can be found ond-hand? Do we trust the seller?). in its marketing materials. How- Some other toys send a complete set ever, it is easy to be overlooked. of records of conversations between We even did not find it on the the child and the toy to the manufac- box! turer, and—apart from the record- ings—also their transcriptions are stored that may be used for machine analyses. In such a scenario, it is ex- tremely important to encrypt the data for transmission, as well as to protect 30
them against unauthorised access necessary to create an account on by third parties while stored. In other the manufacturer’s web page at the words, we need to have confidence in first use. At this stage we had to ac- the service provider contents and in cept all terms and conditions includ- his technical competences. ing the privacy policy. Though we tend to skip such messages with a quick It is worth noting that all toys we ‘Next’, in this case we recommend to tested were addressed for English- read the documents carefully. They describe what data are collected, who can process them and for what purpose. In the most extreme cases, the manufacturer declared disclosing of all data (including recordings of the child’s conversations with the toy) to third parties, almost without any limi- tations. You will find a wide analysis of this issue further in this guidebook. The installed application is used to zdj. Fotolia.com pre-configure the toy. In particular, to set the access data to a wireless net- work and to connect the toy with the user’s account. Wi-Fi Direct or Blue- speaking customers. It is very tooth are most often used to connect important in particular in the scope the toy. In both cases the connection of the voice recognition function. is established without any authorisa- In our tests the algorithms did tion on the part of the toy; it does not not cope very well with this task require any PIN or password. Con- (even during ‘conversations’ with sequently, we recommend that the a native speaker). It may pose even initial connection and setup shall be a greater problem of children’s frus- performed in a place where there is tration as their pronunciation is natu- no risk that an unauthorised person rally less clear and the language— will intercept the connection for ill pur- less correct. poses. It should be noted that the use of application is usually only required The first task we had to complete be- to configure and reconfigure the toy fore we started using each of the toys (e.g. when adding a new Wi-Fi net- was to install and start the dedicated work). Once configured, a toy will op- application on a smartphone. It was erate independently as long as it can 31
connect to a known Wi-Fi network. the software for the doll. Unfortunate- The place where the toy is used is ly, in one of the toys the encryption also of importance, exactly due to the was poorly implemented and not all Wi-Fi networks that the toy ‘remem- the data were protected. In particular, bers’ since the toy will connect to any it was possible to install a fabricated Wi-Fi network which will have identi- update. On the other hand, a properly cal configuration (name, security pro- used and adequately strong encryp- tocol, password)—even if it is broad- tion prevents us from checking what casted e.g. by a malicious neighbour. data are collected by the toy only on Anyone in control of a Wi-Fi device the basis of the analysis of traffic bet- to which the toy gets connected may ween the toy and the server. redirect the communication between the toy and vendor’s server, poten- All the toys we tested are equipped tially eavesdropping or modifying it. with the automatic updating mecha- The same risk applies when we con- nism. When connected to the Wi-Fi sciously use public networks if we network, they check the manufac- do not know who administers such turer’s website for the most recent networks, or whether they have been available software updates, down- intercepted. load, and install them if required. As we mentioned above, it is extreme- In order to protect the user’s priva- ly important that the cryptographic cy and ensure that the data is sent mechanisms ensure that updates to the proper server, manufacturers are actually a safe source. An unau- may apply cryptography, for instance thorised change in the toy’s software by using the popular SSL/TLS proto- might result in any use of periph- cols. During the tests we checked if eral devices the toy is equipped with this is the case. The majority of toys (i.e., first of all, a microphone or passed the test with no reservations, a video camera) and transfer of data not only encrypting the transfer, but to any server, without any control. also verifying whether the other party indeed belongs to the manufacturer It is worth emphasising that all toys we and, consequently, refusing to com- tested collect data only in response to municate with the substitute server the user’s conscious interaction (typi- we provided. It was also the case with cally a push of a button). This is good Hello Barbie doll which was declared news since it means that the toys are in 2013 as susceptible to such a type not ‘listening’ all the time and they do of attacks. It means that producers not send data to the manufacturer if have obviously removed the problem we do not wish so, or if we are not and ensured an adequate update of aware. 32
toy is not connected to the network We also posed a question whether (for instance, the messages greeting the ‘smartness’ of the toys may be the child or notifying about errors). used against the child, for example, by teaching them an aggressive or ‘Smart’ toys are nothing more than vulgar behaviour. In case of the ma- electronic devices adjusted to com- jority of the toys, the answer turned municate with the outer world through out to be very simple, due to their lim- embedded sensors (e.g. a micro- ited ability to interact and no possibil- phone or a video camera), as well ity to generate messages outside the as with the Internet through standard scope of pre-defined scripts (even if network interfaces (e.g. Wi-Fi, Blue the script included over 8000 phras- Tooth). es, as was the case of Hello Barbie). As far as CogniToys Dino is con- One of many aspects concerning the cerned, the potential seemed to be broadly understood safety of ‘smart higher because it uses the IBM Wat- toys’ is the possibility to get a physical son system and generates responses access to elements responsible for based on an extended (and probably communication or data storage. This constantly broadened) knowledge is especially applicable when such base. However, the producer took a toy originates from the secondary care of unsuitable content filters, ei- market. On the other hand, when ther by limiting access to undesirable content or responding adequately to any attempts of the testing persons’ ‘unsuitable behaviour’. Physical safety of the toy Another way of ‘attacking’ a smart toy is through a physical access to its systems and an attempt to recover or zdj. Fotolia.com modify data and software. The data recorded by the toy include names and passwords to Wi-Fi networks or the user’s account data. In turn, apart from the software itself, the elements such as audio messages may be modified that are available when the 33
the toy has been lost or stolen, the functional elements (see Fig. 11): new owner might retrieve sensitive A wireless network module—Azure- data from the device. There is also Wave AWCU300E 802.11 b/g/n, a possibility that somebody may 1. Memory storing the software and insert additional functions to the all data—Gigadevice GD25Q16 toy, enabling—for instance—to 16Mbit SPI Flash, eavesdrop children during their play 2. An audio module responsible for or household members who are processing signals from the micro- within the scope of the embedded phone and sound reproduction— video camera or microphone. Nuvoton NAU8810 24bit. Hello Barbie It seemingly does not differ from the other dolls of the producer, however, Fig. 11 Opened Hello Barbie doll Should anyone unauthorised have physical access to the doll, the most exposed element is the memory because all its content can be read. During the analysis it was shown that in order to read the whole memory content, it is enough to solder out the element and read it with the use of a reader. The memory is divided into sections due to its functional areas. Fig.10 Hello Barbie with accessories. • Section no. 1 includes the so- called Boot loader which enables it is equipped with a docking station the toy’s software to run. and a charger (see Fig. 10). • Section no. 2 contains configu- When we undress and open ration of the toll with relevant the doll, we can see a printed credentials for a Wi-Fi network. circuit board and identify all It is worth noting that it was not 34
to purchase it—they should check possible to read the data, be- whether the doll had not been opened cause they were encrypted. before. In the case of Hello Barbie doll, • Section no. 3 contains the soft- the majority of physical interference ware to control the doll. attempts should leave some traces. • Section no. 4 contains software The easiest way to check it is by for a Wi-Fi module. looking at the cracks where two parts • Section no. 5 contains all audio of the doll come into contact with each files used offline. other. Since the doll is to a certain degree glued inside, the access to its We do not have an easy access to interior part requires some physical sensitive data recorded in the doll’s strength which normally leaves memory. Difficult, onerous, and re- traces on the edges (see Fig. 12). quiring specialised knowledge modi- fication of the software or audio files Photos of Hello Barbie were taken form: https:// fccid.io/PIYDKF74-15A5W and recorded in the memory is still pos- http://somersetrecon.com/s/HelloBarbieSecuri- sible. tyAnalysis.pdf. Doll users should be forewarned that Dream House they should be very careful when buying the toy on the secondary A smart home made by the same market, and—if they still decided producer as the Hello Barbie doll. Af- ter opening we can see two printed circuit boards out of which the green one is worth analysing (see Fig. 13). At the first glance, it looks similarly as the circuit board from the Hello Bar- bie doll. We can identify the same functional blocks on the board as in the case of the Hello Barbie doll. Figure 14 shows the individual modules: 1. A wireless network module, 2. Memory storing the software and all data—Winbond W25Q128FV, Fig. 12 Traces left when a Hello Barbie doll has 3. An audio module responsible been opened for processing signals from 35
You can also read