Children’s tablet has malware and exposes kids’ data, researcher finds
Reading Time: 3 minutesIn May this year, Alexis Hancock’s daughter got a children’s tablet for her birthday. Being a security researcher, Hancock was immediately worried.
As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reasons to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter’s and other children’s data at risk.
The first worrying thing Hancock said she found on the tablet were traces of the presence of Corejava, which in January cybersecurity firm Malwarebytes analyzed and concluded was malicious. Also this year, the Electronic Frontier Foundation and independent security researchers discovered the same type of malware embedded in the software of cheap Android-powered TVs. The good news, Hancock said, is that at least the malware seemed inactive, and was programmed to send data to dormant servers.
According to Hancock’s technical report, the tablet also came pre-loaded with Adups — the same software found in those Android TVs — which is used to do ‘firmware over the air’ updates. Malwarebytes has classified Adups as malware and a ‘potentially unwanted program’ for its ability to automatically download and install new malware from the internet.
Finally, the tablet came with a pre-installed and outdated version of the KIDOZ app, which serves as an app store that allows parents to set parental controls and kids to download games and apps. The app store ‘collects and sends data to ‘kidoz.net’ on usage and physical attributes of the device. This includes information like device model, brand, country, timezone, screen size, view events, click events, logtime of events, and a unique KID ID,’ according to Hancock’s report.
The Dragon Touch tablet that Hancock analyzed used to be on sale on Amazon until this week, when the listing went down and was replaced with a listing for the same tablet, which claims the tablet runs Android 12, which was released in 2021. Images on the listing, however, say the tablet runs Android 10, released in 2019.
It’s unclear how popular these tablets are, but the Amazon listings showed more than 1,000 reviews.
‘We have removed this third-party item from our site while our Trust and Safety conducts a review,’ Walmart spokesperson John Forrest Ales said in an email. ‘Like other major online retailers, we operate an online marketplace that allows outside third-party sellers to offer merchandise to customers through our eCommerce platform. We expect these items to be safe, reliable, and compliant with our standards and all legal requirements. Items that are identified to not meet these standards or requirements will be promptly removed from the website and remain blocked.’
Dragon Touch is listed on the official Android website as a ‘certified’ device that’s been ‘tested for security and performance.’
Children’s internet-connected products have long been a target for hackers. In 2015, a hacker broke into the servers of VTech, a consumer electronics company that made gadgets for children. The hack resulted in the theft of personal information of almost five million parents, including names, email addresses, passwords, and home addresses, and the personal data of more than 200,000 kids, including names, genders and birthdays. The hacker also obtained thousands of pictures of parents and kids and a year’s worth of chat logs.
After finishing her research, Hancock said she had to keep the tablet because her daughter got attached to it during a trip with her cousins. But Hancock didn’t return the tablet to her daughter until after making changes to protect her daughter’s privacy.
‘I have talked to her about why I had her tablet, and why I had it for so long away from her. I told her that it was sick, it had a virus, and I had to make it better and I had to take it to the doctor,’ Hancock said.
In practice, Hancock said that she ‘nuked everything’ she could.
First, Hancock said she installed a VPN profile on the tablet on a private server that runs Pi-hole, an ad blocking software; then, she limited the number of apps her daughter could use; redirected the DNS — the internet system that connects IP addresses to domain names, for ‘any problematic domains;’ and even installed Tor, a browser that is designed to protect the anonymity of its user.
Hancock, however, said parents shouldn’t need to do all this to protect their children’s privacy, especially because not everyone has the technical chops, or the time, to research their kids’ tablet’s cybersecurity and privacy issues.
‘Parents really can’t do too much,’ she said. ‘And honestly, it shouldn’t be left up to them.’
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG