Parents, it’s time to delete Pet Chat from your child’s LeapPad
Yet another Internet of Things IoT product designed for kids has been shown to be pockmarked with privacy holes. Scary, but the news has a silver lining: The vendor, LeapFrog, took the issues seriously and jumped on remediation lickety-split. In JuneLeapFrog confirmed that it had naked done so on new tablets being sold in stores. The news about LeapFrog was released leapfrog Black Hat on Virgin clit lips by the application security testing company Checkmarx.
As Checkmarx described the tablet in a report issued on Wednesday, the LeapPad is in many ways a perfect first gizmo for kids: However, after Checkmarx tested the LeapPad Ultimate tablet, it found that the tablet was nonetheless exposing its belly.
The problem: Pet Chat. The app lets users talk to each other in a chat room, using pet avatars and some preset phrases and emoticons. Users can only communicate with those phrases.
Instead, the tablets were sending messages in clear-text using the HTTP protocol. That leaves outgoing traffic vulnerable to MitM attacks.
While the credit-card numbers were missing six digits, another security hole meant that attackers could get those digits by setting up a convincing lookalike portal.