2024-02-29 14:50:52
There are three important rules that owners of interactive toys must follow.
Kaspersky Lab discovered a vulnerability in a popular smart children’s toy. The research was presented at MWC 2024. transmits company press service.
The laboratory did not name the specific model of the toy, so as not to expose the manufacturer. Experts described the toy as an interactive Android device with a display, microphone, camera and wheels for movement. The robot could turn on educational games, communicate with the child and communicate with parents via video conference.
It turned out that before using the toy for the first time, the parent needed to connect the robot to the smartphone through a special application. When turned on, the toy asks you to select Wi-Fi, link the robot to an adult’s phone and enter the child’s name and age. That’s when the problems started.
What problems did the experts find?
Firstly, information about the parent’s email and the child’s name was transmitted to the manufacturer’s servers using the outdated HTTP protocol (without encryption). If the manufacturer used the HTTPS protocol, leaks could have been avoided.
Secondly, the toy did not have reliable protection that would save users’ data from being leaked. Not the most professional scammer could easily connect to the robot remotely and find out everything about the owners: IP address, country of residence, name, gender and age of the child. Scammers could also find out the parent’s phone number and email.
Thirdly, the toy did not have support for end-to-end encryption during video calls. Nothing prohibited scammers from using the robot’s camera and microphone to call children. If the child accepted the challenge, the attacker could begin to communicate with the minor for selfish reasons.
Fourthly, the toy did not have protection against password hacking – scammers could hack the parent account with simple brute force.
When purchasing smart devices, you need to pay attention not only to their entertainment and educational options, but also to their level of security. However, you should not rely on price – even the most expensive smart devices can have vulnerabilities that can be exploited by attackers.
Nikolay FrolovSenior researcher Kaspersky ICS CERT
What is important for parents to know:
- Buy smart toys from well-known and large brands;
- Regularly update the toy’s software and its proprietary mobile application;
- Limit access to unnecessary settings for applications from smart toys;
Manufacturers of such toys, for their part, must carefully test the security of their products and infrastructure and responsibly inform customers about possible threats.
Earlier in Russia they talked about a fraud scheme involving updating bank mobile applications.
Nikita Laktyushin
1709232017
#Childrens #robot #toys #turned #dangerous #parents