الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Smart toy vulnerabilities could let cybercriminals video-chat with kids

Vulnerabilities in a popular smart toy robot could make children potential targets for cybercriminals, Kaspersky researchers have discovered. The weaknesses could enable hackers to take control of the toy’s system and misuse it to secretly communicate with kids through video chat without parental consent. The risks associated with the robot system’s application extend to dangers that sensitive details such as users’ names, genders, ages and even their locations may be compromised.
An Android-based robot designed for kids is equipped with a built-in video camera and microphone. It harnesses artificial intelligence to recognize and interact with children by name and to adjust its responses based on the child’s mood, gradually getting acquainted with them over time. To unlock the full potential of the toy, parents are required to download the application to their mobile device. Through this app, parents can track the child’s progress with their learning activities and even initiate a video call with the child via the robot.
During initial setup, parents are instructed to connect the toy to a Wi-Fi network, link it to their mobile device, then provide the child’s name and age. During this phase, Kaspersky experts have uncovered a concerning security issue: the responsible API (Application Programming Interface) for requesting this information lacks authentication enforcement, a step that confirms who can access your network resources. This potentially allows cybercriminals to intercept and access various types of data – including the child’s name, age, gender, country of residence, and even their IP address – by intercepting and analyzing the network traffic. What’s more, this flaw enables cybercriminals to exploit the robot’s camera and microphone, initiating direct calls to the users, bypassing the required authorization from the guardians’ account. If a child accepts this call, an attacker can communicate covertly, without parents’ consent. In such cases, the attacker could manipulate the user, potentially luring them out of the safety of their home or influencing them into engaging in risky behaviors.
Furthermore, security issues of the parent’s mobile application may enable an attacker to remotely take control over the robot and gain unauthorized access to the network. Using brute-force methods to recover the six-digit one time-password (OTP), and with no enforced limit on failed attempts, an attacker could remotely link the robot to his own account, effectively taking the device out of its owner’s control.
‘When purchasing smart toys, it becomes imperative to prioritize not only their entertainment and educational value but also their safety and security features. Despite the common belief that a higher price tag implies enhanced security, it is essential to understand that even the most expensive smart toys may not be immune to vulnerabilities that attackers can exploit. Hence, parents must carefully examine toy reviews, remain vigilant about updating smart device software, and closely supervise their child’s activities during playtime,’ comments Nikolay Frolov, senior security researcher at Kaspersky’s ICS CERT.
The findings from the team’s thorough research were presented during the panel session titled ‘Empowering the Vulnerable in the Digital Environment’ at Mobile World Congress (MWC) 2024.
The Kaspersky team reported all the vulnerabilities they discovered to the vendor, who promptly patched them.
Learn more on Securelist.com.
To keep all smart devices, secure and protected, Kaspersky experts compiled the following tips:
• Keep your devices updated: Regularly update the firmware and software of all your connected devices, including smart toys. These updates often contain crucial security patches that address known vulnerabilities.
• Research before purchase: Before buying a smart toy or any connected device, research the manufacturer’s reputation for security and privacy. Choose devices from reputable brands that prioritize security and provide regular updates.
• Be cautious with app permissions: Review and limit the permissions granted to mobile apps associated with your smart device. Only provide necessary access to features and data, and avoid granting excessive privileges.
• Power it off when not used: Switch off the smart toy when not in use to prevent data collection. If the device has a microphone, store it in a hard-to-reach place when not active, and cover or redirect any cameras when not in use.
• Use reliable security solutions: Employ a dependable security solution to help secure and protect your entire smart home ecosystem.

Related Posts:

Kaspersky and partners launch a career orientation test to inspire more girls into cybersecurity

US government shutdown continues with no end in sight

Dubai Land Department participates in AccessAbilities Expo 2025 to promote inclusion and integration within the real estate sector

Meet Dr. Jamil El-Imad’s Digital Twin: The AI Who Can Talk Back

Global Tech Leaders Unite to Propel Emerging Future-Critical Sectors at GITEX GLOBAL 2025

Discover a Festive Season of Wonder Rooted in Island Traditions at Centara’s Maldivian Resorts

Assiut in Egypt and Kathmandu in Nepal Lead the Fastest-Growing Destinations, While Najran, Al-Baha, and Abha Top Domestic Tourism

Strategic Partnership Between Raya Electronics and Johnson Controls Arabia to Deliver YORK HVAC Solutions to Egypt’s Real Estate Market

آخر الأخبار
وزير الثقافة: نصر أكتوبر أصبح نصرين بفوز خالد العنانى بمنصب مدير عام اليونسكو وزير الأوقاف يشهد احتفال الأزهر الشريف بالذكرى الثانية والخمسين لانتصارات أكتوبر المجيدة رئيس الوزراء يهنئ الدكتور خالد العناني بفوزه بمنصب مدير منظمة اليونسكو خالد العنانى: أشكر مصر.. وسأتعاون مع كل البلدان دون أجندات جغرافية فوز خالد العناني مدير عام اليونسكو باكتساح Kaspersky and partners launch a career orientation test to inspire more girls into cybersecurity وزير الإسكان: غدًا بدء تسليم دفعة جديدة من وحدات «سكن مصر» بالقاهرة الجديدة وزير البترول يتفقد الحفار البحري (القاهر-2) استعدادًا لحفر بئر جديدة لإيني الإيطالية في البحر المتوس... رئيس الوزراء يترأس اجتماع اللجنة العليا لشئون المشاركة بنك القاهرة يمدد اعتماد شهادة الأيزو في مجال الحوكمة المؤسسية  ISO 37000 للعام الثانى على التوالى دينا الشربيني وصبا مبارك في مغامرة الطيران الأولى من نوعها في الجونة قادة التكنولوجيا الناشئة حول العالم يجتمعون في "جيتكس جلوبال 2025" لدفع مسارات التقدم في مختلف القطا... المهندس سمير فوزي السيد يهنئ الشعب المصري والرئيس السيسي والقوات المسلحة بذكرى انتصار أكتوبر "التخصصي" يستعرض ابتكاراته في ملتقى الصحة العالمي 2025 بالرياض بنك الفجيرة الوطني يدعم الابتكار في البنية التحتية للطاقة المتوسطة لتعزيز الطاقة اللامركزية والشبكات... وزير الخارجية يلتقي المندوب الدائم لجنوب أفريقيا لدى اليونسكو والرئيس الحالي للمجموعة الأفريقية Ooredoo الكويت و"انفوبيب" تطلقان عصراً جديداً من تجارب العملاء المدعومة بالذكاء الاصطناعي التفاعلي ريكسوس مارينا أبوظبي يتعاون مع القافلة الوردية لاستضافة فعالية رايد ويذ ريكسوس في أكتوبر الجاري ماجد الفطيم تعلن عن خطتها لإطلاق "غاف وودز مول" ليكون الوجهة الأولى من نوعها المتكاملة مع الغابات ودائع "ويو بنك" تتجاوز 50 مليار درهم إماراتي