A Checkmarx report revealed that LeapFrog Ultimate, a tablet for kids ages three to six, featured serious security holes. According to the cybersecurity company, device vulnerabilities could serve as an entry point for hackers, thus facilitating theft of sensitive information or sending messages to children.
Launched in 2017 by the American brand LeapFrog, the tablet contains educational apps, games and videos for children, limiting its young users' use of the Internet to prevent access to inappropriate content.
According to the report published by Checkmarx, one of the main vulnerabilities of the system was in the “PetChat” application. Here, children can talk using animal avatars through a set of pre-set phrases. However, cybersecurity investigators have discovered a security hole in the device's network that could identify a possible location of LeapPads that would be using the application. In addition, anyone within 30 meters of a LeapFrog device using the PetChat app could send a message to a child.
Checkmarx also found vulnerabilities in the "LeapSearch" application, a child search engine that would allow hackers to access sensitive content: from child information (such as age, name and gender) to credit card data from parents.
According to the cybersecurity company, LeapFrog has already fixed the security holes in the device and removed "PetChat" from its app store. However, he warned that some older models may still have it installed, recommending that it be uninstalled.
The LeapFrog case is just one of the latest in child device safety issues. Already in July this year, a Messenger Kids application crashes, Facebook, allowed children between the ages of six and 12 to join chat groups that were not approved by their parents.