2024-02-29 14:50:52
There are three important rules that owners of interactive toys must follow.
Kaspersky Lab discovered a vulnerability in a popular smart children’s toy. The research was presented at MWC 2024. transmits company press service.
The laboratory did not name the specific model of the toy, so as not to expose the manufacturer. Experts described the toy as an interactive Android device with a display, microphone, camera and wheels for movement. The robot might turn on educational games, communicate with the child and communicate with parents via video conference.
It turned out that before using the toy for the first time, the parent needed to connect the robot to the smartphone through a special application. When turned on, the toy asks you to select Wi-Fi, link the robot to an adult’s phone and enter the child’s name and age. That’s when the problems started.
What problems did the experts find?
Firstly, information regarding the parent’s email and the child’s name was transmitted to the manufacturer’s servers using the outdated HTTP protocol (without encryption). If the manufacturer used the HTTPS protocol, leaks might have been avoided.
Secondly, the toy did not have reliable protection that would save users’ data from being leaked. Not the most professional scammer might easily connect to the robot remotely and find out everything regarding the owners: IP address, country of residence, name, gender and age of the child. Scammers might also find out the parent’s phone number and email.
Thirdly, the toy did not have support for end-to-end encryption during video calls. Nothing prohibited scammers from using the robot’s camera and microphone to call children. If the child accepted the challenge, the attacker might begin to communicate with the minor for selfish reasons.
Fourthly, the toy did not have protection once morest password hacking – scammers might hack the parent account with simple brute force.
When purchasing smart devices, you need to pay attention not only to their entertainment and educational options, but also to their level of security. However, you should not rely on price – even the most expensive smart devices can have vulnerabilities that can be exploited by attackers.
Nikolay FrolovSenior researcher Kaspersky ICS CERT
What is important for parents to know:
- Buy smart toys from well-known and large brands;
- Regularly update the toy’s software and its proprietary mobile application;
- Limit access to unnecessary settings for applications from smart toys;
Manufacturers of such toys, for their part, must carefully test the security of their products and infrastructure and responsibly inform customers regarding possible threats.
Earlier in Russia they talked regarding a fraud scheme involving updating bank mobile applications.
Nikita Laktyushin
1709232017
#Childrens #robot #toys #turned #dangerous #parents
