A kid taps on a tablet.

Image Credits: Óscar López Rogado / Getty Images
Walmart pulled the tablet from its online store; Amazon and Google said they are investigating

In May this year, Alexis Hancock’s daughter got a children’s tablet for her birthday. Being a security researcher, Hancock was immediately worried.

“I looked at it kind of sideways because I’ve never heard of Dragon Touch,” Hancock told TechCrunch, referring to the tablet’s maker.

As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reason to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter’s and other children’s data at risk.

The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that’s considered malware and a “potentially unwanted program” because of “its history and extensive system level permission to download whatever software it wants,” and includes an outdated version of an app store designed specifically for kids, according to Hancock’s report, which was released on Thursday and seen by TechCrunch ahead of its publication.

Hancock said she reached out to Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch’s questions either.

The first worrying thing Hancock said she found on the tablet was traces of the presence of Corejava, which in January cybersecurity firm Malwarebytes analyzed and concluded was malicious. Also this year, the Electronic Frontier Foundation and independent security researchers discovered the same type of malware embedded in the software of cheap Android-powered TVs. The good news, Hancock said, is that at least the malware seemed dormant, and was programmed to send data to dormant servers.

According to Hancock’s technical report, the tablet also came pre-loaded with Adups — the same software found in those Android TVs — which is used to do “firmware over the air” updates. Malwarebytes has classified Adups as malware and a “potentially unwanted program” for its ability to automatically download and install new malware from the internet.

Finally, the tablet came with a pre-installed and outdated version of the KIDOZ app, which works as an app store that allows parents to set parental controls and kids to download games and apps. The app store “collects and sends data to ‘kidoz.net’ on usage and physical attributes of the device. This includes data like device model, brand, country, timezone, screen size, view events, click events, logtime of events, and a unique KID ID,” according to Hancock’s report.

KIDOZ founder Eldad Ben Tora told TechCrunch that the app is certified to comply with COPPA, the U.S. federal law that carves out some online privacy protections for children, and that the app “underwent a rigorous assessment process by an FTC-approved COPPA Safe Harbor Program called PRIVO, which included a thorough review of our data collection, storage, and usage practices.”

“This process ensures that our services fully comply with COPPA requirements, prioritizing the protection of children’s privacy,” Ben Tora told TechCrunch.

The Dragon Touch tablet that Hancock analyzed used to be on sale on Amazon until this week, when the listing went down and was replaced with a listing for the same tablet, which claims the tablet runs Android 12, which was released in 2021. Images on the listing, however, say the tablet runs Android 10, released in 2019.

It’s unclear how popular these tablets are, but the Amazon listing shows more than 1,000 reviews.

Amazon spokesperson Adam Montgomery told TechCrunch in an email that the company is “looking into these claims, and will take appropriate action if needed.”

The Dragon Touch tablet was also available on Walmart until this week. After TechCrunch reached out to the company, Walmart removed the listing from its website.

“We have removed this third-party item from our site while our Trust and Safety team conducts a review,” Walmart spokesperson John Forrest Ales said in an email. “Like other major online retailers, we operate an online marketplace that allows outside third-party sellers to offer merchandise to customers through our eCommerce platform. We expect these items to be safe, reliable, and compliant with our standards and all legal requirements. Items that are identified to not meet these standards or requirements will be promptly removed from the website and remain blocked.”

Dragon Touch is listed on the official Android website as a “certified” device that’s been “tested for security and performance.”

Google spokesperson Ed Fernandez told TechCrunch by email that the company was “thoroughly evaluating the claims in this report to determine whether the manufacturer’s device meets the security standards required for Play Protect certification.”

Children’s internet-connected products have long been a target for hackers. In 2015, a hacker broke into the servers of VTech, a consumer electronics company that made gadgets for kids. The hack resulted in the theft of personal information of almost five million parents, including names, email addresses, passwords and home addresses, and the personal data of more than 200,000 kids, including names, genders and birthdays. The hacker also obtained thousands of pictures of parents and kids and a year’s worth of chat logs.

After finishing her research, Hancock said she had to keep the tablet because her daughter got attached to it during a trip with her cousins. But Hancock didn’t return the tablet to her daughter until after making changes to protect her daughter’s privacy.

“I have talked to her about why I had her tablet, and why I had it for so long away from her. I told her that it was sick, it had a virus, and I had to make it better and I had to take it to the doctor,” Hancock said.

In practice, Hancock said that she “nuked everything” she could.

First, Hancock said she set up a VPN profile on the tablet on a private server that runs Pi-hole, an ad blocking software; then, she limited the number of apps her daughter could use; redirected the DNS (the internet system that links IP addresses to domain names) for “any problematic domains;” and even installed Tor, a web browser that is designed to protect the anonymity of its users.

Hancock, however, said parents shouldn’t need to do all this to protect their children’s privacy, especially because not everyone has the technical chops, or the time, to research their kids’ tablet’s cybersecurity and privacy issues.

“Parents really can’t do too much,” she said. “And frankly, it shouldn’t be left up to them.”
