Security expert and researcher Mark Carthy explained in a blog post that LeapFrog’s popular Children’s Tablet, LeapPad, is susceptible to malware and attack through a range of vulnerabilities in the Adobe Flash framework of the tablet’s OS. The company has recently been purchased by VTech, which, incidentally, is already recovering from a massive hack last year that puts the personal information of millions of its users at risk of the leak.
Nmap scans on the tablet did not deliver anything that is wrong with the tablet, except that there is a pre-built app on the device that allows you to play videos and host games from a remote server. Carthy actioned an ARP Cache Poisoning Attack and came up with a mechanism for obtaining the AWS server’s IP address simply by detouring traffic using a laptop and filtering the traffic via a source address. Next, by connecting the device to his laptop, Carthy discovered that the Adobe Flash version that is required for the functioning of the tablet is 19.0.0.185, which has a common vulnerability that allows hackers to install viruses and malware into the device.
The researcher then came up with a list of numerous potential risks that the tablet may be subjected to as a result of this, including the possibility that the attacker might attain the use of an inbuilt microphone or take pictures of the child using the tablet from the cameras. This, quite naturally, renders LeapFrog’s tablet to be a potentially risky gadget to hand over to your child.