Vulnerability of Magic Kinder app, at risk of photos privacy and data of children – Cellulari.it

Magic Kinder, application created by Kinder, the well-known trademark of Ferrero, for families with children and recently promoted as a safe space for children whose parents have total control through special settings, it was declared unsafe by some security experts.

The experts have warned that there were mass privacy issues with this application, but

an update would have already solved the bugs found in previous versions, so the current downloadable version from store of Android and Apple should be free from vulnerabilities.

 The Hacktive Security Experts explain that the lack of encryption within the application for Magic Kinder smartphones and other deficiencies in the security protocols used, would have allowed some hackers to break the app and enter the user’s smartphone.

experts have said that this flaw allowed a possible attacker to take advantage of app vulnerabilities to “read the children’s chat, send them messages, photographs and videos or change your profile information such as date of birth and sex. “

Among the vulnerable functions from the app Magic Kinder find the” Family Diary “, a kind of social network for children where the little ones have the ability to share content: a space that before update that solved the bug, could be breached by an experienced hacker.

Magic Kinder is an app for Android smartphones, which boasts over 500,000 downloads; The application was developed by a subsidiary of Ferrero International, the company behind Nutella, Kinder and Ferrero Rocher.

 The app provides its customers with different content, including games, stories, videos, and activities such as quizzes and colors, features designed by the developers to educate and entertain children while they learn.

In the description of ‘ app Magic Kinder says: “we offer you the peace of mind of knowing that your children are safe in the environment Magic Kinder. you can add avatars, set time limits and decide how much content can download your son.”

The marketing manager at the Pen Test Partners, Joe Bursell, an independent consulting company offering security, said the site The Register that the Magic Kinder application contained many problems basic security. The manager explained that “you would be able to access the proxy ID in a few minutes of testing.” According Bursell no authorization checks on any of the requests and that means that “anyone can: send a message to your children, read your diary family, and modify other data about people, such as sex. The worst thing is that the app does not use encryption. ”

According to a report in the ‘ Ansa, which reports having talked to Carlo Pelliccioni of Hacktive Security, now the flaw is corrected with the last recent updates of the app for Android and iOS.