2024-03-20 07:38:31
- Kaspersky experts warn that among other risks is that sensitive data such as your name, gender, age and location may be compromised.
Kaspersky analysts have discovered that vulnerabilities in a popular robot and smart toy might make children potential targets for cybercriminals. The weak points would allow them to take control of the toy system and use it to secretly communicate with children via video chat, without the need for parental consent. The risks associated with the application of the robotic system extend to the danger that sensitive data such as the name, gender, age and even location of the users may be compromised.
The robot, designed for children, has an Android operating system and is equipped with a video camera and a microphone. It takes advantage of Artificial Intelligence to recognize and interact with children by name and adjust its responses based on the child’s mood, becoming familiar with them. To take advantage of the toy’s full potential, parents must download the app on their mobile device. Through this app, parents can track the child’s progress in their learning activities and even start a video call with the child through the robot.
During initial setup, parents are prompted to connect the toy to a Wi-Fi network, pair it with their mobile device, and then provide the child’s name and age. During this phase, Kaspersky experts have discovered a worrying security issue: the API (application programming interface) responsible for requesting this information lacks authentication enforcement, a step that confirms who can access network resources. This allows cybercriminals to intercept and access various types of data – including the child’s name, age, gender, country of residence and even her IP address – by capturing and analyzing network traffic.
What’s more, this flaw also allows them to exploit the robot’s camera and microphone, initiating direct calls to users, bypassing the necessary authorization of the tutors’ account. If a child accepts this call, a cyber attacker can communicate covertly. In these cases, the cybercriminal might manipulate the user, causing him to leave the safety of her home or influencing him to adopt risky behaviors.
Additionally, security issues in the parent’s mobile app might allow a cybercriminal to gain remote control of the robot and gain unauthorized access to the network. Using brute force methods to recover the six-digit password (OTP), and with no limit on failed attempts, they might also remotely connect the robot to their own account, causing its owner to lose control of the device.
“When purchasing smart toys, it is essential to prioritize not only their educational and entertainment value, but also how their security is configured. Despite the common belief that a higher price means greater security, it is essential to understand that even the most expensive smart toys may not be immune to vulnerabilities that attackers can exploit. Therefore, parents should carefully examine toy reviews, pay attention to software updates on smart devices, and closely monitor their children’s activities during playtime.states Nikolay Frolov, Principal Security Analyst at ICS CERT at Kaspersky.
To keep all smart devices safe and secure, Kaspersky experts recommend:
- Keep devices up to date: Regularly update the firmware and software on all your connected devices, including smart toys. These updates usually contain crucial security patches that fix known vulnerabilities.
- Research before you buy: Before purchasing a smart toy or any connected device, it is important to learn regarding the manufacturer’s reputation for security and privacy. Choose devices from well-known brands that prioritize security and offer regular updates.
- Be careful with application permissions: it is essential to review and limit the permissions granted to mobile applications associated with the smart device. Simply provide the necessary access to features and data, and avoid granting excessive privileges.
- Turn off the smart toy when not in use to avoid data collection. If the device has a microphone, it should be stored in a hard-to-reach place when it is not active, and the cameras should be covered or diverted when not in use.
- Use reliable security solutions that help secure and protect the entire ecosystem of a smart home.
You can find more information regarding threats in smart toys at Securelist.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep expertise in threat intelligence and security is constantly transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the world. . The company’s extensive security portfolio includes protection of endpoints leading and a series of specialized security solutions and services, as well as cyber immunity solutions to combat the most advanced and evolving digital threats. More than 400 million users are protected by Kaspersky technologies and we help 220,000 corporate customers protect what they value most. Get more information at
1710924185
#Vulnerabilities #smart #toys #put #children #risk #interacting #cybercriminals #Tierramarillano #News #Atacama #Chile
