A new app called Magic Kinder advertises itself as a way for kids to connect with video and images, read stories, draw, paint and learn, all free of advertising and totally safe for kids.
The problem is that, according to a couple of articles from well-known tech research groups, the app could leave your child open to receiving unwanted images and video from strangers who are up to no good. According to an article at Softpedia:
“[B]ecause the app doesn’t use encryption in any way or form, an attacker, via a proxy on the local network, can intercept traffic coming from a device with the Magic Kinder app installed. By modifying a few parameters in the HTTP requests here and there, he found out that he could send any type of data he wished to any app user. Since all that the “hacker” had to do was to modify simple user ID numbers, the attack is quite easy to carry out…”
According to one researcher, the company did not respond to emailed questions when the vulnerability was discovered. The company behind the app is Italian candy giant Ferrero, which should have the resources to avoid a situation such as this.
Joe Bursell, a tech researcher, further commented to tech blog The Register:
“These are not subtle, hard-to-find issues. You’d see those IDs in the proxy within minutes of testing and the first thing you would do is manually increment/decrement them. There are no authorisation checks on any of the requests. This means that anyone can: send a message to your kids, read your family diary, and change other data about people, e.g. gender.”
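The missing check the researchers describe is a server-side authorization decision. The following is an added example, not code from the app or from either article: a hypothetical message endpoint written once without any check and once with the sender taken from the session and the recipient limited to the sender's own family. The family model, tokens, IDs and function names are all assumptions made for illustration.

```python
# Added example: hypothetical message endpoint, not Magic Kinder's code.
from dataclasses import dataclass, field

# Constructed sample data: family membership and server-side session tokens.
FAMILIES = {"fam-a": {1001, 1002}, "fam-b": {2001}}
SESSIONS = {"tok-parent-a": 1001, "tok-stranger-b": 2001}


@dataclass
class Store:
    inbox: dict = field(default_factory=dict)  # recipient_id -> [(sender_id, body)]

    def deliver(self, sender_id, recipient_id, body):
        self.inbox.setdefault(recipient_id, []).append((sender_id, body))


def family_of(user_id):
    """Return the family a user belongs to, or None for an unknown ID."""
    return next((f for f, members in FAMILIES.items() if user_id in members), None)


def send_message_unchecked(store, request):
    """The flaw as described: both IDs come from the request, nothing is verified."""
    store.deliver(request["sender_id"], request["recipient_id"], request["body"])
    return 200


def send_message_checked(store, request):
    """Sender identity comes from the session; recipient must share the sender's family."""
    sender_id = SESSIONS.get(request.get("token"))
    if sender_id is None:
        return 401  # no valid session, so no identity to authorize
    recipient_id = request.get("recipient_id")
    family = family_of(sender_id)
    if family is None or family_of(recipient_id) != family:
        return 403  # authenticated, but not allowed to reach this recipient
    # Any sender_id field in the request is ignored on purpose.
    store.deliver(sender_id, recipient_id, request["body"])
    return 200
```

The check runs on the server for every request, so changing an ID in transit no longer changes who the message is from or who may receive it.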
According to media reports, the app has been downloaded 500,000 times. We haven’t done a full review of the app and we don’t intend to at this time. We strongly advise parents to avoid the Magic Kinder app.
Thanks to Greg at CoppaNOW for bringing this to our attention.