Children's app security remains an issue, even in 2016

Apr 5, 2016 21:10 GMT  ·  By

The Magic Kinder Android app has a series of security holes that allow unknown people to send texts, images, and videos to the app's users, who are mostly little children.

According to Massimo Bozza, a researcher for security consulting firm Hacktive Security, the issues are still active because the app's vendor has failed to answer his emails after three weeks. The researcher has decided to go public with the findings before someone abuses these flaws.

Lack of encryption for children's data strikes again!

The app in question, available on Google's Play store, is called Magic Kinder and is aimed at little children and their families. Magic Kinder lets children play games, watch videos, read stories, and paint, but also share texts, images, and video content with family members via a feature called Family Diary.

Parents can create family diaries and add their kids and other family members to this digital content sharing place.

Bozza discovered that, because the app doesn't use encryption in any way or form, an attacker, via a proxy on the local network, can intercept traffic coming from a device with the Magic Kinder app installed.

Attackers can molest and scare kids, spy on conversations

By modifying a few parameters in the HTTP requests here and there, he found out that he could send any type of data he wished to any app user.

Bozza also learned that he could access Family Diaries based on any child's ID, and even update data inside any user's profile.

Since all that the "hacker" had to do was modify simple user ID numbers, the attack is quite easy to carry out, even for people with limited technical skills (although some skill is still required).
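The server-side weakness behind this behaviour is a handler that trusts whatever ID the client sends. The sketch below is an added example, not Magic Kinder's code: every name, the token format and the sample data are hypothetical and constructed to contrast that pattern with a handler that takes identity from the session and checks diary membership.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value for this example

# Constructed sample data: diary id -> member user ids, diary id -> entries
DIARY_MEMBERS = {101: {1, 2}, 202: {7, 8}}
DIARY_ENTRIES = {101: ["beach photo"], 202: ["birthday video"]}


def issue_token(user_id: int) -> str:
    """Session token handed out after login (hypothetical 'uid.mac' format)."""
    mac = hmac.new(SERVER_KEY, str(user_id).encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def authenticated_user(token: str):
    """Return the user id bound to a valid token, or None."""
    uid, _, mac = token.partition(".")
    if not (uid.isascii() and uid.isdigit()):
        return None
    expected = hmac.new(SERVER_KEY, uid.encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return int(uid)
    return None


def read_diary_vulnerable(diary_id: int):
    """Flawed pattern: the ID in the request is the only thing checked."""
    return DIARY_ENTRIES.get(diary_id)


def read_diary_hardened(token: str, diary_id: int):
    """Identity comes from the session token; the diary id is only a lookup
    key and must pass a membership check before any data is returned."""
    uid = authenticated_user(token)
    if uid is None:
        return 401, None
    if uid not in DIARY_MEMBERS.get(diary_id, set()):
        return 403, None
    return 200, DIARY_ENTRIES[diary_id]
```

A token like this only helps when it travels over TLS; sent over plain HTTP it is as exposed to interception as the IDs themselves.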

This case is very similar to another one from early February, when security researchers from Rapid7 discovered flaws in the hereO GPS children's watch. As with this scenario, attackers could access private family circles and use the hereO watches and the adults' phones to track the whereabouts of children and their (supervising) family members.

Unencrypted HTTP requests made by the Magic Kinder app