Leapfrog, the popular kids’ tablet, has been found to have security vulnerabilities that could have let strangers capture young users’ location data and send them messages.
A new report from CheckMarx, an application security testing company, revealed that the LeapPad Ultimate tablet used an insecure internet connection that could have revealed personal information like age, gender, and names about the children who own the product. An app for LeapPad Ultimate called Pet Chat was also found to potentially reveal a tablet’s location and information.
The tablet is meant for children ages 3 to 6, and is supposed to be safer than an iPad or a Kindle since it doesn’t require Wi-Fi and can only download Leapfrog-made apps. Pet Chat is one such app that allows two or more Leapfrog users within 100 feet of each other to talk in a chat room using only preset phrases.
CheckMarx found that by using WiGLE, a website that shows different wireless hot spots, a stranger could have discovered the locations of children using the Pet Chat app on Leapfrog because the app creates an ad hoc Wi-Fi connection. Leapfrog removed the Pet Chat app from stores in June, according to CheckMarx. Those with LeapPad devices older than three years may still have the Pet Chat app, and parents are being advised to uninstall the app manually.
Another vulnerability threat was discovered in Leapfrog’s child-safe web browser known as LeapSearch. CheckMarx manipulated the browser into a “phishing version” that could lead attackers to Leapfrog owners’ credit card, parent, and child information.
CheckMarx said that after it brought this information to the attention of Leapfrog, the company was quick to act in fixing or removing the vulnerable features.
“We thank Checkmarx for bringing these security issues to our attention, as the safety of the children who use our products is a top priority. With the information they provided, we were able to take immediate actions to resolve the issues. Checkmarx has been helpful, ethical, and professional. Cooperating with them has benefitted LeapFrog and our customers,” Mari Sunderland, the vice president of digital product management, told Checkmarx.
As more children are using technology at younger ages, tech companies have had to rethink how child-friendly their platforms and services are. On July 22, Facebook alerted parents about a security flaw in its Messenger Kids app. The technical error, which has since been fixed, allowed children to communicate with users in group chats who hadn’t been approved by their parents.
YouTube has also had its fair share of issues with child-friendly content, and the Federal Trade Commission (FTC) was investigating the platform about how it handles videos aimed at children. YouTube has been accused of failing to protect kids, particularly when its algorithm recommends or queues inappropriate videos.
Digital Trends reached out to Leapfrog for comment but has not yet received a response.
