Vulnerabilities in smart toys put children

Kaspersky analysts did discovered that the vulnerabilities of the popular robot, and a smart toy that could make children potential targets for cybercriminals. The vulnerabilities would allow them to take control of the toy system and use it to secretly communicate with children via video chat, without the need for parental consent. Risks associated with The application of the robotic system extends to danger that sensitive data such as the user’s name, gender, age and even location may be compromised.

The robot intended for children has an Android operating system and is equipped with a video camera and microphone. It takes advantage of artificial intelligence to recognize and interact with children by name and adapts its responses based on the child’s mood, getting to know them. In order to use the toy’s full potential, parents must download the app to their device mobile device. Through this applicationparents can track their child’s progress in learning activities and even start a video call with their child through the robot.
During the initial setup, parents are asked to connect the toy to a Wi-Fi network, pair it with their mobile device, and then provide the child’s name and age.
During this phase, Kaspersky experts discovered a worrying security issue: The API (application programming interface) responsible for requesting this information lacks the implementation of authentication, a step that verifies who can access network resources. This allows cybercriminals to intercept and access different types of data – including a child’s name, age, gender, country of origin. residence and even your IP address – through the recording and analysis of network traffic.

it is more This bug also allows them to take advantage of the robot’s camera and microphone, initiating direct calls to users, bypassing the necessary authorization of mentor accounts. If the child accepts this invitation, the cyber attacker can communicate secretly. In these cases, the cybercriminal can manipulate the user to leave the safety of their home or influence them to adopt risky behaviors.

Furthermore, security issues A parent’s mobile app could enable a cybercriminal gain remote control of the robot and gain unauthorized access to the network.

Use of force methods Six-digit password (OTP) recovery bruteand without the limit of failed attempts, they could also remotely connect the robot to their own account, so its owner would lose control of the device.

“When purchasing smart toys, it is essential to prioritize not only their educational and entertainment value, but also the way their safety is configured. Despite the general belief that a higher price means greater security, it is important to understand that even the most expensive smart toys may not be immune to vulnerabilities that attackers can exploit. Therefore, parents should carefully study toy reviews, keep an eye out for smart device software updates, and carefully monitor their children’s play activities.", says Nikolay Frolov, Chief Security Analyst at ICS CERT at Kaspersky.

To keep all smart devices safe and secure, Kaspersky experts recommend:  Keep devices up-to-date: regularly update firmware and
software for all your devices connected, including smart toys.

These updates usually contain patches withcritical security features that address known vulnerabilities.

 Do your research before you buy: Before buying a smart toy or any connected device, it is important to know more about manufacturer’s reputation for security and privacy. Choose devices from well-known brands that prioritize security and offer regular updates.

 Be careful with application permissions: eIt is essential to review and limit the permissions granted to connected mobile applications to a smart device. Easily provide the necessary access to features and data and avoid granting excessive privileges.
 Turn off the smart toy when not in use avoid data collection. If the device has a microphone, It must be stored in a hard-to-reach place.
when not active, and cover or redirect cameras when not in use.
 Use reliable security solutions that help secure and protect the entire smart home ecosystem.