A Security Threat Analysis of Smart Home Network with Vulnerable Dynamic Agents

  • Laura Rafferty
  • Farkhund Iqbal
  • Patrick C. K. Hung
Part of the International Series on Computer Entertainment and Media Technology book series (ISCEMT)


This chapter presents a security analysis of a smart home network containing vulnerable dynamic agents in the form of smart toys. As a case study, a smart toy is used as an example of an Internet of Things (IoT) device that could potentially be used as a vector into the smart home network. The chapter discusses a threat model for smart home security, focusing on the smart toy as an entry point into the network and on what a threat actor could potentially achieve through this relatively new type of threat to the home.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Laura Rafferty (1)
  • Farkhund Iqbal (1, 2)
  • Patrick C. K. Hung (1)

  1. Faculty of Business and IT, University of Ontario Institute of Technology, Oshawa, Canada
  2. College of Technological Innovation, Zayed University, Dubai, UAE
