Skip to main content

Leapfrog tablets may have exposed your kid’s location data

Leapfrog, the popular kids’ tablet, has been found to have security vulnerabilities that could have let strangers capture young users’ location data and send them messages. 

A new report from CheckMarx, an application security testing company, revealed that the LeapPad Ultimate tablet used an insecure internet connection that could have revealed personal information like age, gender, and names about the children who own the product. An app for LeapPad Ultimate called Pet Chat was also found to potentially reveal a tablet’s location and information. 

The tablet is meant for children ages 3 to 6, and is supposed to be safer than an iPad or a Kindle since it doesn’t require Wi-Fi and can only download Leapfrog-made apps. Pet Chat is one such app that allows two or more Leapfrog users within 100 feet of each other to talk in a chat room using only preset phrases. 

CheckMarx found that by using WiGLE, a website that shows different wireless hot spots, a stranger could have discovered the locations of children using the Pet Chat app on Leapfrog because the app creates an ad hoc Wi-Fi connection. Leapfrog removed the Pet Chat app from stores in June, according to CheckMarx. Those with LeapPad devices older than three years may still have the Pet Chat app, and parents are being advised to uninstall the app manually. 

Another vulnerability threat was discovered in Leapfrog’s child-safe web browser known as LeapSearch. CheckMarx manipulated the browser into a “phishing version” that could lead attackers to Leapfrog owners’ credit card, parent, and child information. 

CheckMarx said that after it brought this information to the attention of Leapfrog, the company was quick to act in fixing or removing the vulnerable features. 

“We thank Checkmarx for bringing these security issues to our attention, as the safety of the children who use our products is a top priority. With the information they provided, we were able to take immediate actions to resolve the issues. Checkmarx has been helpful, ethical, and professional.  Cooperating with them has benefitted LeapFrog and our customers,” Mari Sunderland, the vice president of digital product management, told Checkmarx. 

As more children are using technology at younger ages, tech companies have had to rethink how child-friendly their platforms and services are. On July 22, Facebook alerted parents about a security flaw in its Messenger Kids app. The technical error, which has since been fixed, allowed children to communicate with users in group chats who hadn’t been approved by their parents. 

YouTube has also had its fair share of issues with child-friendly content, and the Federal Trade Commission (FTC) was investigating the platform about how it handles videos aimed at children. YouTube has been accused of failing to protect kids, particularly when its algorithm recommends or queues inappropriate videos. 

Digital Trends reached out to Leapfrog for comment but has not yet received a response. 

Editors' Recommendations

Allison Matyus
Former Digital Trends Contributor
Allison Matyus is a general news reporter at Digital Trends. She covers any and all tech news, including issues around social…
Hackers are pretending to be cybersecurity firm to lock your entire PC
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

As hackers come up with new ways to attack, not even trustworthy names can be taken at face value. This time, a ransom-as-a-service (RaaS) attack is being used to impersonate a cybersecurity vendor called Sophos.

The RaaS, referred to as SophosEncrypt, can take hold of your files -- or even your whole PC -- and requires payment to have them decrypted.

Read more
‘World’s largest sundial’ to double as green energy provider
Houston's Arco del Tiempo (Arch of Time).

Houston’s next piece of public art is being described as "the world's largest sundial" and will also produce solar power for the local community.

The striking Arco del Tiempo (Arch of Time) is the creation of Berlin-based artist and architect Riccardo Mariano and will be installed in the Texan city’s East End district in 2024.

Read more
Nvidia’s peace offering isn’t working
Two MSI RTX 4060 Ti 16GB GPUs over a black background.

Nvidia's RTX 4060 Ti 16GB is here, but you wouldn't know it if you didn't follow GPU news closely. It seems that the GPU might just be so far behind some of the best graphics cards that Nvidia isn't advertising it too much. As a result, early benchmarks are scarce.

MSI has released some benchmarks of its own, comparing the 8GB and the 16GB versions of the RTX 4060 Ti. It turns out that the new GPU might actually be slower. Is this why Nvidia didn't even make its own version of this card?

Read more