An Investigation into the Privacy and Security Risks of Smart Toys in New Zealand

aut.embargoNoen_NZ
aut.thirdpc.containsNoen_NZ
dc.contributor.advisorNisbet, Alastair
dc.contributor.authorGirvan, Nicole
dc.date.accessioned2020-06-04T23:06:55Z
dc.date.available2020-06-04T23:06:55Z
dc.date.copyright2020
dc.date.issued2020
dc.date.updated2020-06-04T22:55:35Z
dc.description.abstractSmart toys are a growing portion of the children’s toy market. They offer a unique and personalised play experience via the use of onboard sensors, internet connectivity, and innovative technology. International research has shown that the smart toy environment can be insecure and vulnerable to cyberattacks and can place children at risk. Smart toy security and privacy must be understood to protect children; however, to date, the literature has not addressed this in the New Zealand context. To address this gap in the literature, this study investigates whether smart toys pose any security or privacy risks to New Zealand users. It asks, what common security and privacy impacting vulnerabilities are found in smart toys currently available for purchase by New Zealanders? Furthermore, what levels of privacy and security concern and awareness do New Zealand parents and guardians have regarding smart toy use? An anonymous online survey targeting New Zealand parents/guardians was designed. A total of 394 respondents answered 32 questions to determine their levels of concern and awareness around the privacy and security of smart toys. A security testing methodology was also used to assess a collection of smart toys to determine if they contained security or privacy vulnerabilities. Analysis of survey responses showed a high average level of concern of New Zealand parents/guardians (M = 8.26, SD = 1.7) around the security and privacy risks of using smart toys. The survey also revealed a low overall level of awareness regarding security and privacy risks when using smart toys, with participants answering an average of 14.5 out of a possible 30 (SD = 5.66) questions accurately. Analysis of the results from the physical security testing of a selection of smart toys showed insufficient authentication weaknesses, including unauthenticated Wi-Fi connections, unauthenticated Bluetooth pairing, and weak or no password use. Insecure data transfer was demonstrated, with some toys using no encryption for communication. Insufficient privacy protection weaknesses including the unreasonable collection of personally identifiable information, a lack of parental control mechanisms, and the use of non-random device identifiers, were also present. Based on these results, it can be concluded that smart toys pose security and privacy risks to New Zealand users, and that greater focus should be placed on educating parents and guardians about the potential risks these products pose and how to mitigate them. Smart toy manufacturers and legislators should additionally consider addressing the high levels of concern seen regarding these issues by focusing on safer smart toy design and strengthening existing privacy legislation for children’s products.en_NZ
dc.identifier.urihttps://hdl.handle.net/10292/13372
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.rights.accessrightsOpenAccess
dc.subjectSmart Toysen_NZ
dc.subjectPrivacyen_NZ
dc.subjectSecurityen_NZ
dc.subjectIoTen_NZ
dc.subjectNew Zealanden_NZ
dc.titleAn Investigation into the Privacy and Security Risks of Smart Toys in New Zealanden_NZ
dc.typeThesisen_NZ
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Information Security and Digital Forensicsen_NZ
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
An Investigation into the Privacy and Security Risks of Smart Toys in New Zealand_Final.pdf
Size:
6.29 MB
Format:
Adobe Portable Document Format
Description:
Thesis
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
897 B
Format:
Item-specific license agreed upon to submission
Description:
Collections