Vulnerabilities in LeapPad expose data of children and parents

Researchers of cybersecurity company CheckMarx found vulnerabilities in LeapFrog’s LeapPad Ultima that exposes data of users. They identified that some of LeapFrog’s communications are not encrypted and stored in simple HTTP which is in clear text which can expose their name, gender, date of birth, also details of parent’s names, addresses, and even credit card information.

Another vulnerability identified was within LeapFrog’s Pet Chat app that allows children to send pre-loaded emojis and preset messages rather than writing original messages. This could allow an attacker to track the tablet or even send a ‘preset’ message to the tablet user.

LeapFrog and Pet Chat were removed from stores. ‘We thank CheckMarx for bringing these security issues to our attention, as the safety of the children who use our products is our top priority,’ said Mari Sunderland, VP of digital product management at LeapFrog Enterprises.