Children's tablet leaks location and enables unsolicited messages from strangers

LeapFrog's LeapPad tablets are some of the most popular among young children and until recently, highly unsecure

Child using tablet

Security researchers have discovered serious security vulnerabilities in LeapFrog's popular children's LeapPad Ultimate tablets that could allow a hacker to track the location of a child and talk to them through the device's in-built chat app 'Pet Chat'.

Researchers from Checkmarx used a site called WiGLE which allowed anyone to search for a child's location by simply searching for SSIDs that included 'PetChat' because the app created a Wi-Fi ad-hoc connection whenever it was being used. Locations could then be discovered on public Wi-Fis and tracked MAC addresses.

Another issue discovered was that Pet Chat didn't require any authentication between a parent's and child's device which meant that anyone within a 100ft radius could send a message to a child through the app.

Combining these two in large cities could result in awful consequences. Researchers proved that evil attackers could easily scan cities for locations that were highly populated with children and send messages such as "Let's go! Play outside together".

Advertisement - Article continues below
Advertisement - Article continues below

In a separate vulnerability, researchers proved that the same devices were also susceptible to man-in-the-middle (MiM) attacks using Wi-Fi Pumpkin, a rogue access point framework.

Using Wi-Fi Pumpkin, attackers can spoof an existing Wi-Fi network, such as a restaurant's, and then force users who were already connected to the original network onto the spoofed one created by the attackers.

LeapPad devices were especially vulnerable to this attack because their outgoing traffic wasn't encrypted over HTTPS, instead, it used a clear text HTTP protocol which allowed attackers to steal sensitive information from the device including credit card information, account balances, name and address of the parents. Additionally, the name, gender, birth year and birth month of the child were also harvestable.

"The vulnerabilities we uncovered during this research would likely create worrying scenarios for parents, concerning their children's usage of LeapPad," said David Sopas, application security research team leader. "LeapFrog did take several measures to secure these tablets to protect children. However, just a few vulnerabilities can be combined to create some very harmful attack results."

These issues highlight a consistent trend with IoT-enabled devices just not being built with security at the forefront of the manufacturer's priorities.

"IoT devices are often the weak link in the network because manufacturers have not designed them with security in mind and consumers do not have the tools or knowledge to enable them to secure the devices after they've purchased them," said Cody Brocious, head of hacker education at HackerOne.

Advertisement - Article continues below

"Security experts have been warning for years about the security risks introduced by insecure smart home assistants, connected children's toys and baby monitors, smoke detectors, door locks, smart cameras, smart TVs, smart speakers, wearable health trackers and connected washing machines," he added.

When Brocious said experts have been warning the world about unsecured IoT devices, that's no understatement. In 2015, IT Pro first reported on a hackable Barbie doll which could be used to spy on children, listening in to their conversations by hijacking the doll's microphone.

Two years later in 2017, it was revealed the industry still hadn't made a concerted effort to address the worrying issue. Research indicated that four in seven of the most popular IoT-enabled children's toys contained security flaws that would allow hackers to talk directly to a child.

LeapFrog has patched all the vulnerabilities brought to them by Checkmarx, who said the company exhibited "lightning-fast responsiveness", and removed Pet Chat entirely from all devices.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020