Children's tablet leaks location and enables unsolicited messages from strangers

LeapFrog's LeapPad tablets are among the most popular tablets for young children and, until recently, were highly insecure


Security researchers have discovered serious security vulnerabilities in LeapFrog's popular children's LeapPad Ultimate tablets that could allow a hacker to track the location of a child and talk to them through the device's in-built chat app 'Pet Chat'.

Researchers from Checkmarx used a site called WiGLE, which allowed anyone to search for a child's location simply by searching for SSIDs that included 'PetChat', because the app created a Wi-Fi ad-hoc network whenever it was being used. Locations could then be discovered from public Wi-Fi networks and tracked via MAC addresses.

Another issue discovered was that Pet Chat didn't require any authentication between a parent's and a child's device, which meant that anyone within a 100ft radius could send a message to a child through the app.

Combining these two issues in large cities could have awful consequences. Researchers showed that attackers could easily scan cities for locations that were densely populated with children and send messages such as "Let's go! Play outside together".

In a separate vulnerability, researchers proved that the same devices were also susceptible to man-in-the-middle (MitM) attacks using Wi-Fi Pumpkin, a rogue access point framework.

Using Wi-Fi Pumpkin, attackers can spoof an existing Wi-Fi network, such as a restaurant's, and then force users who are already connected to the original network onto the spoofed one created by the attackers.

LeapPad devices were especially vulnerable to this attack because their outgoing traffic wasn't encrypted with HTTPS; instead, the device used cleartext HTTP, which allowed attackers to steal sensitive information from it, including the parents' credit card information, account balances, name and address. Additionally, the child's name, gender, birth year and birth month were also harvestable.
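The practical lesson from the cleartext-HTTP finding is that a device's outgoing traffic should be audited in a lab before it ships, and that any request carrying personal or payment data over plain HTTP is a defect regardless of what the rest of the app does. The following script is an added example, not Checkmarx's or LeapFrog's code: it reads a simplified capture of request lines (one request per line as "METHOD URL [body]"), reports how many went over plain HTTP, and lists which of an assumed set of sensitive field names were exposed in cleartext. The sample capture, the hostnames and the field names such as `card_number` are all constructed for illustration; the page does not list the device's real endpoints or parameters.

```python
"""Flag cleartext (plain HTTP) requests that carry sensitive fields.

Added example for auditing a device's traffic in a lab; it is not the
page's or the vendor's code. The capture format, hostnames and field
names below are assumptions constructed for illustration.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Field names a reviewer would treat as sensitive if sent unencrypted.
# Assumed names for illustration; the article does not give the real ones.
SENSITIVE_FIELDS = {
    "card_number", "cvv", "account_balance", "parent_name", "address",
    "child_name", "child_gender", "birth_year", "birth_month",
}

# Constructed sample capture: "METHOD URL [body]" per line. The .invalid
# TLD is reserved and never resolves, so nothing here is a real host.
SAMPLE_CAPTURE = """\
POST http://shop.example.invalid/checkout card_number=4111111111111111&cvv=123&parent_name=Pat+Example
GET http://profile.example.invalid/child?child_name=Sam&child_gender=f&birth_year=2014&birth_month=3
POST https://shop.example.invalid/checkout card_number=4111111111111111&cvv=123
POST http://api.example.invalid/account {"account_balance": 12.50, "address": "1 Example St"}
GET http://cdn.example.invalid/firmware/version.txt
"""


def parse_body(body):
    """Return the field names carried in a form-encoded or JSON body."""
    stripped = body.strip()
    if not stripped:
        return set()
    if stripped.startswith("{"):
        try:
            doc = json.loads(stripped)
        except json.JSONDecodeError:
            return set()
        return set(doc.keys()) if isinstance(doc, dict) else set()
    return set(parse_qs(stripped, keep_blank_values=True).keys())


def parse_request(line):
    """Split 'METHOD URL [body]' and collect the field names it carries.

    Fields come from both the URL query string and the body, so a GET that
    leaks data in its query is treated the same as a POST with a form body.
    """
    parts = line.split(" ", 2)
    method, url = parts[0], parts[1]
    body = parts[2] if len(parts) == 3 else ""
    split = urlsplit(url)
    fields = set(parse_qs(split.query, keep_blank_values=True).keys())
    fields |= parse_body(body)
    return {
        "method": method,
        "scheme": split.scheme,
        "host": split.hostname,
        "path": split.path,
        "fields": fields,
    }


def audit_capture(capture):
    """Count plain-HTTP requests and list those exposing sensitive fields.

    HTTPS requests are skipped: the same fields over TLS are not readable
    by an on-path attacker, which is exactly the distinction that mattered
    for the device described in the article.
    """
    cleartext = 0
    exposures = []
    for line in capture.splitlines():
        if not line.strip():
            continue
        req = parse_request(line)
        if req["scheme"] != "http":
            continue
        cleartext += 1
        exposed = sorted(req["fields"] & SENSITIVE_FIELDS)
        if exposed:
            exposures.append(
                {"host": req["host"], "path": req["path"], "fields": exposed}
            )
    return {"cleartext_requests": cleartext, "exposures": exposures}


if __name__ == "__main__":
    report = audit_capture(SAMPLE_CAPTURE)
    print(f"plain-HTTP requests: {report['cleartext_requests']}")
    for finding in report["exposures"]:
        print(f"  {finding['host']}{finding['path']}: {', '.join(finding['fields'])}")
```

Run against the constructed capture, the audit reports four plain-HTTP requests, three of which carry sensitive fields; the HTTPS checkout request is correctly ignored even though it carries the same card fields. On a real capture the field list would be replaced with the names observed in the device's own requests, and any non-empty exposure list is a finding to fix by moving the endpoint to HTTPS, not by renaming the fields.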

"The vulnerabilities we uncovered during this research would likely create worrying scenarios for parents, concerning their children's usage of LeapPad," said David Sopas, application security research team leader. "LeapFrog did take several measures to secure these tablets to protect children. However, just a few vulnerabilities can be combined to create some very harmful attack results."

These issues highlight a consistent trend of IoT-enabled devices not being built with security at the forefront of manufacturers' priorities.

"IoT devices are often the weak link in the network because manufacturers have not designed them with security in mind and consumers do not have the tools or knowledge to enable them to secure the devices after they've purchased them," said Cody Brocious, head of hacker education at HackerOne.

"Security experts have been warning for years about the security risks introduced by insecure smart home assistants, connected children's toys and baby monitors, smoke detectors, door locks, smart cameras, smart TVs, smart speakers, wearable health trackers and connected washing machines," he added.

When Brocious said experts have been warning the world about unsecured IoT devices, that's no understatement. In 2015, IT Pro first reported on a hackable Barbie doll which could be used to spy on children, listening in to their conversations by hijacking the doll's microphone.

Two years later in 2017, it was revealed the industry still hadn't made a concerted effort to address the worrying issue. Research indicated that four in seven of the most popular IoT-enabled children's toys contained security flaws that would allow hackers to talk directly to a child.

LeapFrog has patched all the vulnerabilities brought to them by Checkmarx, who said the company exhibited "lightning-fast responsiveness", and removed Pet Chat entirely from all devices.
