
Vulnerabilities discovered by Kaspersky researchers in a popular smart toy robot pose serious risks to children’s safety and privacy. These weaknesses could potentially allow cybercriminals to exploit the toy’s system and secretly communicate with kids through video chat without parental consent. They could also compromise sensitive details such as users’ names, genders, ages, and even their locations.
The Android-based robot, designed for children, features a built-in video camera and microphone, utilizing artificial intelligence to interact with children by name and adjust responses based on their mood.
Parents are required to download an application to their mobile device to unlock the toy’s full potential, enabling them to track their child’s progress and even initiate video calls through the robot.
During the setup process, a critical security issue was uncovered: the responsible API did not enforce authentication, potentially allowing cybercriminals to intercept and access various data, including personal information such as the child’s name, age, and IP address.
This flaw could also enable hackers to exploit the robot’s camera and microphone, initiating calls to users without proper authorization, posing serious risks to children’s safety.
Nikolay Frolov, a senior security researcher at Kaspersky, emphasized the importance of prioritizing safety and security features when purchasing smart toys.
He advised parents to carefully examine toy reviews, update smart device software regularly, and supervise their child’s activities during playtime to mitigate risks associated with vulnerabilities in smart devices.
Kaspersky experts provided essential tips to enhance the security of smart devices, including keeping devices updated, researching manufacturers’ security reputation, being cautious with app permissions, powering off devices when not in use, and using reliable security solutions to protect the smart home ecosystem.
