Skip to Content
Security & privacy

This scary flaw in a tablet for kids exposes their location

If your young children or grandchildren use this popular kid-safe tablet, we have a warning. Security flaws could make it easier for pedophiles to find them.

Facebook and YouTube have been plagued by pedophiles contacting children through their platforms. That’s what makes these security flaws so surprising — the tablet is designed to keep very young children off the greater internet and pedophiles’ radar.

We’ll tell you how you can make the tablet safe, as well as what the company is doing to fix the flaws. Plus, check out our tips for keeping your children safe while they are online.

How pedophiles could exploit security flaws in kids’ tablet

While testing LeapFrog’s LeapPad Ultimate Tablet, a cybersecurity firm found two major flaws that could allow pedophiles to find and contact children. The tablet is supposed to be designed to keep kids safe. Children can only use a set of pre-loaded emojis and phrases to chat with other children.

But it turns out that sexual predators can hack into at least one chat site. In a report by Checkmarx, researchers found vulnerabilities in an app called Pet Chat that can be downloaded through LeapFrog’s app store.

The app allows kids to chat with each other through the pre-loaded emojis and phrases. Pet Chat creates a Wi-Fi connection to keep kids in the chat room while restricting access to the greater internet.

Hackers could find Pet Chat on a Wi-Fi connection and track the MAC address. They could then use the website WiGLE, which tracks global wireless hotspots and finds local information.

This makes it possible for the hacker to find children and send them a pre-loaded message to lure the kids outside. What a terrifying thought.

The second security flaw allows hackers to harvest the personal information of children and their parents. Hackers can spoof a Wi-Fi network and force devices like the LeapPad Ultimate Tablet to connect to it.

While testing the flaw, Checkmarx found that traffic on the LeapPad was not encrypted and they were able to see children’s and parent’s private data. On the spoofed network, the researchers also were able to create a fake portal that asked parents for some financial information.

 

Related: 3 apps used by predators to groom children — remove them now

 

LeapFrog fixes security flaws

Checkmarx informed LeapFrog about the security flaws in December and said the company worked quickly to fix them. The Pet Chat app was removed from its app store. If it’s already loaded onto a LeapPad you can manually delete it.

The Wi-Fi network spoofing ability also was fixed. The company thanked Checkmarx for informing it about the security dangers.

While it’s easier to control your young child’s internet activity on a LeapPad, eventually those kids will be old enough to use “real” wireless devices. There are apps you can use to monitor how much time your kid spends on the internet, as well as tracking devices.

But instead of creating an adversarial relationship over technology, you and your kids can get on the same page.

At Komando.com, we’re committed to providing you with the information you need to keep your kids safe online. As part of our efforts, Kim Komando has created the Tech Safety Contract for parents and their children.

The contract gives specifics on how kids should behave or what to watch out for while on websites and apps. We also offer five steps every parent should take to not only keep their children safe but also alive.

Ambassador Program background

Refer friends, earn rewards!

Why not share your new source of digital-lifestyle news, tips and advice with others? When your friends and family subscribe to Kim's free newsletters, you earn points toward awesome rewards!

Get Rewarded