Beware Of Cyber Threats Targeting Children Through Smart Toys

Illustration of child smart robot toys (photo: Kaspersky)

JAKARTA - Kaspersky researchers found that it turns out that children can also be targeted for cyber threats, through smart toy robots, equipped with video cameras and very well-known internal microphones.

Usually, this technology uses artificial intelligence to recognize and interact with children by name and adjust its response based on the child's mood, and gradually get to know them over time.

After that, parents are required to download their application to mobile devices, enter their child's name and age, and then monitor the development of children's learning activities and even make video calls with children via robots.

During this phase, Kaspersky experts have discovered an alarming safety issue: API (Application Programming Interface) responsible for requesting this information has no enforcement of authentication, a move that confirms who can access your network's resources.

This allows cybercriminals to intercept and access various types of data, including children's names, age, gender, residential countries, and even their IP addresses, by tapping and analyzing network traffic.

This vulnerability allows hackers to take control of the toy system, and abuse it to communicate secretly with children via video chat without parental permission.

If a child receives this call, the attacker can communicate secretly. In cases like this, attackers can manipulate children, potentially lure them out of the house or influence them to commit risky behavior.

Additionally, the issue of security of the parent mobile app can allow attackers to remotely take control of robots and gain unauthorized access to the network.

Using the brute force method, attackers can connect robots to their accounts remotely, thus effectively making the device free from the owner's control.