What a toy robot can do

The toy robot model that we studied is a kind of hybrid between a smartphone/tablet and a smart-speaker on wheels that enables it to move about. The robot has no limbs, so rolling around the house is its only option to physically interact with its environment.

The robot’s centerpiece is a large touchscreen that can display a control UI, interactive learning apps for kids, and a lively, detailed animated cartoon-like face. Its facial expressions change with context: to their credit the developers did a great job on the robot’s personality.

You can control the robot with voice commands, but some of its features don’t support these, so sometimes you have to catch the robot and poke its face the built-in screen.

In addition to a built-in microphone and a rather loud speaker, the robot has a wide-angle camera placed just above the screen. A key feature touted by the vendor is parents’ ability to video-call their kids right through the robot.

On the front face, about halfway between the screen and the wheels, is an extra optical-object-recognition sensor that helps the robot avoid collisions. Obstacle recognition being totally independent of the main camera, the developers very usefully added a physical shutter that completely covers the latter.

So, if you’re concerned that someone might be peeping at you and/or your child through that camera — sadly not without reason as we’ll learn later — you can simply close the shutter. And in case you’re worried that someone might be eavesdropping on you through the built-in microphone, you can just turn off the robot (and judging by the time it takes to boot back up, this is an honest-to-goodness shutdown — not a sleep mode).

As you’d expect, an app for controlling and monitoring the toy is available for parents to use. And, as you must have guessed by now, it’s all connected to the internet and employs a bunch of cloud services under the hood. If you’re interested in the technical details, you can find these in the full version of the security research, which we’ve published on Securelist.

As usual, the more complex the system — the more likely it is to have security holes, which someone might try to exploit to do something unsavory. And here we’ve reached the key point of this post: after studying the robot closely, we found several serious vulnerabilities.

Unauthorized video calling

The first thing we found during our research was that malicious actors could make video calls to any robot of this kind. The vendor’s server issued video session tokens to anyone who had both the robot ID and the parent ID. The robot’s ID wasn’t hard to brute-force: every toy had a nine-character ID similar to the serial number printed on its body, with the first two characters being the same for every unit. And the parent’s ID could be obtained by sending a request with the robot ID to the manufacturer’s server without any authentication.

Thus, a malicious actor who wanted to call a random child could either try to guess a specific robot’s ID, or play a chat-roulette game by calling random IDs.

Complete parental account hijack

It doesn’t end there. The gullible system let anyone with a robot ID retrieve lots of personal information from the server: IP address, country of residence, kid’s name, gender, age — along with details of the parental account: parent’s email address, phone number, and the code that links the parental app to the robot.

This, in turn, opened the door for a far more hazardous attack: complete parental-account hijack. A malicious actor would only have needed to have taken a few simple steps:

• The first one would have been to log in to the parental account from their own device by using the email address or phone number obtained previously. Authorization required submitting a six-digit one-time code, but login attempts were unlimited so trivial brute-forcing would have done the trick.
• It would only have taken one click to unlink the robot from the true parental account.
• Next would have been linking it to the attacker’s account. Account verification relied on the linking-code mentioned above, and the server would send it to all comers.

A successful attack would have resulted in the parents losing all access to the robot, and recovering it would have required contacting tech support. Even then, the attacker could still have repeated the whole process again, because all they needed was the robot ID, which remained unchanged.

Uploading modified firmware

Finally, as we studied the way that the robot’s various systems functioned, we discovered security issues with the software update process. Update packages came without a digital signature, and the robot installed a specially formatted update archive received from the vendor’s server without running any verifications first.

This opened possibilities for attacking the update server, replacing the archive with a modified one, and uploading malicious firmware that let the attacker execute arbitrary commands with superuser permissions on all robots. In theory, the attackers would then have been able to assume control over the robot’s movements, use the built-in cameras and microphones for spying, make calls to robots, and so on.

How to stay safe

This tale has a happy ending, though. We informed the toy’s developers about the issues we’d discovered, and they took steps to fix them. The vulnerabilities described above have all been fixed.

In closing, here are a few tips on staying safe while using various smart gadgets:

• Remember that all kinds of smart devices — even toys — are typically highly complex digital systems whose developers often fail to ensure secure and reliable storage of user data.
• As you shop for a device, be sure to closely read user feedback and reviews and, ideally, any security reports if you can find them.
• Keep in mind that the mere discovery of vulnerabilities in a device doesn’t make it inferior: issues can be found anywhere. What you need to look for is the vendor’s response: it’s a good sign if any issues have been fixed. It’s not a good thing if the vendor appears not to care.
• To avoid being spied or eavesdropped on by your smart devices, turn them off when you’re not using them, and shutter or tape over the camera.
• Finally, it goes without saying that you should protect all your family members’ devices with a reliable security solution. A toy-robot hack is admittedly an exotic threat — but the likelihood of encountering other types of online threats is still very high these days.

Therefore, it’s crucial for parents to stay informed about the latest cybersecurity threats targeting kids to better protect them from potential harm. In this post, my colleague, Anna Larkina, and I explore some of the key cybersecurity trends that parents should be aware of and provide tips on how to safeguard their children’s online activities.

AI threats

AI is continuing to revolutionize various industries, and its daily use ranges from chatbots and AI wearables to personalized online shopping recommendations — among many other common uses. And of course, such global trends pique the interest and curiosity of children, who can use AI tools to do their homework or simply chat with AI-enabled chatbots. According to a UN study, about 80 percent of youths that took part in its survey claimed that they interact with AI multiple times a day. However, AI applications can pose numerous risks to young users involving data privacy loss, cyberthreats, and inappropriate content.

With the development of AI, numerous little-known applications have emerged with seemingly harmless features such as uploading a photo to receive a modified version — whether it be an anime-style image or simple retouching. However, when adults, let alone children, upload their images to such applications, they never know in which databases their photos will ultimately remain, or whether they’ll be used further. Even if your child decides to play with such an application, it’s essential to use them extremely cautiously and ensure there’s no personal information that may identify the child’s identity — such as names, combined with addresses, or similar sensitive data — in the background of the photo, or consider avoiding using such applications altogether.

Moreover, AI apps – chatbots in particular – can easily provide age-inappropriate content when prompted. This poses a heightened risk as teenagers might feel more comfortable sharing personal information with the chatbot than with their real-life acquaintances, as evidenced by instances where the chatbot gave advice on masking the smell of alcohol and pot to a user claiming to be 15. On an even more inappropriate level, there are a multitude of AI chatbots that are specifically designed to provide an “erotic” experience. Although some require a form of age verification, this is a dangerous trend as some children might opt to lie about their age, while checks of real age are lacking.

It is estimated that on Facebook Messenger alone, there are over 300,000 chatbots in operation. However, not all of them are safe, and may carry various risks, like the ones mentioned earlier. Therefore, it is extremely important to discuss with children the importance of privacy and the dangers of oversharing, as well as talking to them about their online experiences regularly. It also reiterates the significance of establishing trusting relationships with one’s children. This will ensure that they feel comfortable asking their parents for advice rather than turning to a chatbot for guidance.

Young gamers under attack

According to statistics, 91 percent of children in the UK aged 3-15 play digital games on devices. The vast world of gaming is open to them — also making them vulnerable to cybercriminals’ attacks. For instance, in 2022, our security solutions detected more than seven million attacks relating to popular children’s games, resulting in a 57 percent increase in attempted attacks compared to the previous year. The top children’s games by the number of users targeted even included games for the youngest children — Poppy Playtime and Toca Life World — which are designed for children 3-8-years old.

What raises even more concerns is that sometimes children prefer to communicate with strangers on gaming platforms rather than on social media. In some games, unmoderated voice and text chats form a significant part of the experience. As more young people come online, criminals can build trust virtually, in the same way as they would entice someone in person — by offering gifts or promises of friendship. Once they lure a young victim by gaining their trust, cybercriminals can obtain their personal information, suggesting they click on a phishing link, download a malicious file onto their device disguised as a game mod for Minecraft or Fortnite, or even groom them for more nefarious purposes. This can be seen in the documentary series “hacker:HUNTER“, co-produced by Kaspersky, as one of the episodes revealed how cybercriminals identify skilled children through online games and then groom them to carry out hacking tasks.

The number of ways to interact within the gaming world is increasing, and now includes voice chats as well as AR and VR games. Both cybersecurity and social-related threats remain particular problems in children’s gaming. Parents must remain vigilant regarding their children’s behavior and maintain open communication to address any potential threats. Identifying a threat involves observing changes, such as sudden shifts in gaming habits that may indicate a cause for concern. To keep your child safe by stopping them downloading malicious files during their gaming experience, we advise installing a trusted security solution on all their devices.

Fintech for kids: the phantom menace

An increasing number of banks are providing specialized products and services designed for children — including bank cards for kids as young as 12. This gives parents helpful things like the ability to monitor their child’s expenditures, establish daily spending limits, or remotely transfer funds for the child’s pocket money.

Yet, by introducing banking cards for children, the latter can become susceptible to financially motivated threat actors and vulnerable to conventional scams, such as promises of a free PlayStation 5 and other similar valuable devices after entering card details on a phishing site. Using social engineering techniques, cybercriminals might exploit children’s trust by posing as their peers and requesting card details or money transfers to their accounts.

As the fintech industry for children continues to evolve, it’s crucial to educate children not only about financial literacy but also the basics of cybersecurity. To achieve this, you can read Kaspersky Cybersecurity Alphabet together with your child. It’s specifically designed to explain key online safety rules in a language easily comprehensible for children.

To avoid concerns about a child losing their card or sharing banking details, we recommend installing a digital NFC card on their phone instead of giving them a physical plastic card. Establish transaction confirmation with the parent if the bank allows it. And, of course, the use of any technical solutions must be accompanied by an explanation of how to use them safely.

Smart home threats for kids

In our interconnected world, an increasing number of devices — even everyday items like pet feeders — are becoming “smart” by connecting to the internet. However, as these devices become more sophisticated, they also become more susceptible to cyberattacks. This year, our researchers conducted a vulnerability study on a popular model of smart pet feeder. The findings revealed a number of serious security issues that could allow attackers to gain unauthorized access to the device and steal sensitive information such as video footage — potentially turning the feeder into a surveillance tool.

Despite the increasing number of threats, manufacturers are not rushing to create cyber-immune devices that preemptively prevent potential exploits of vulnerabilities. Meanwhile, the variety of different IoT devices purchased in households continues to grow. These devices are becoming the norm for children, which also means that children can become tools for cybercriminals in an attack. For instance, if a smart device becomes a fully functional surveillance tool and a child is home alone, cybercriminals could contact them through the device and request sensitive information such as their name, address, or even their parents’ credit card number and times when their parents are not at home. In a scenario such as this one, beyond just hacking the device, there is a risk of financial data loss or even a physical attack.

As we cannot restrict children from using smart home devices, our responsibility as parents is to maximize the security of these devices. This includes at least adjusting default security settings, setting new passwords, and explaining basic cybersecurity rules to children who use IoT devices.

I need my space!

As kids mature, they develop greater self-awareness, encompassing an understanding of their personal space, privacy, and sensitive data, both offline and in their online activities. The increasing accessibility of the internet means more children are prone to becoming aware of this. Consequently, when a parent firmly communicates the intent to install a parenting digital app on their child’s devices, not all children will take it calmly.

This is why parents now require the skill to discuss their child’s online experience and the importance of parenting digital apps for online safety while respecting the child’s personal space. This involves establishing clear boundaries and expectations, discussing the reasons for using the app with the child. Regular check-ins are also vital, and adjustments to the restrictions should be made as the child matures and develops a sense of responsibility. Learn more in our guide on kids’ first gadgets, where, together with experienced child psychologist Saliha Afridi, our privacy experts analyze a series of important milestones to understand how to introduce such apps into a child’s life properly and establish a meaningful dialogue about cybersecurity online.

Forbidden fruit can be… malicious

If an app is unavailable in one’s home region, a child may start looking for an alternative, but this alternative is often only a malicious copy. Even if they turn to official app stores like Google Play, they still run the risk of falling prey to cybercriminals. From 2020 to 2022, our researchers found more than 190 apps infected with the Harly Trojan on Google Play, which signed users up for paid services without their knowledge. A conservative estimate of the number of downloads of these apps is 4.8 million, while the actual figure of victims may be even higher.

Children are not the only ones following this trend; adults are as well, which was highlighted in our latest consumer cyberthreats predictions report as a part of the annual Kaspersky Security Bulletin. That’s why it’s crucial for kids and their parents to understand the fundamentals of cybersecurity. For instance, it’s important to pay attention to the permissions that an app requests when installing it: a simple calculator, for instance, shouldn’t need access to your location or contact list.

How to keep kids safe?

As we can see, many of the trends that are playing out in society today are also affecting children, making them potential targets for attackers. This includes both the development and popularity of AI and smart homes, as well as the expansion of the world of gaming and the fintech industry. Our experts are convinced that protecting children from cybersecurity threats in 2024 requires proactive measures from parents:

• By staying informed about the latest threats and actively monitoring their children’s online activities, parents can create a safer online environment for their kids.
• It’s crucial for parents to have open communication with their children about the potential risks they may encounter online and to enforce strict guidelines to ensure their safety.
• With the right tools such as Kaspersky Safe Kids, parents can effectively safeguard their children against cyberthreats in the digital age.
• To help parents introduce their children to cybersecurity amid the evolving threat landscape, our experts have developed the above-mentioned Kaspersky Cybersecurity Alphabet, with key concepts from the cybersecurity industry. In this book, your child can get to know about new technologies, learn the main cyber hygiene rules, find out how to avoid online threats, and recognize fraudsters’ tricks. After reading this book together, you’ll be sure that your offspring knows how to distinguish a phishing website, how VPN and QR-codes work, and even what encryption and honeypots are and what role they play in modern cybersecurity. You can download the pdf version of the book and also the Kaspersky Cybersecurity Alphabet poster for free.

Together with clinical psychologist Dr. Saliha Afridi, Kaspersky is presenting cybersecurity and psychological considerations that parents would do well to be aware of before giving their kids their very first tech gadgets.

What to do before giving a gadget to a child?

Set up a Child Account before giving your offspring their first gadget. Whether it’s a phone or a tablet, it’s crucial to ensure the age-appropriateness and safety of the gadget. Even if it’s a brand-new gift, prioritize setting up this feature. A Child Account acts as a safeguard on the device, preventing things like downloads of mature content or songs with explicit content. For detailed guidance on creating a kid’s account, refer to our guide for Android or the one for iOS.

Install all the basic applications that support either communication or geo-location (like messenger and map apps), plus learning applications. And don’t forget to set up the privacy and confidentiality settings in each of the installed applications, so that the child, for example, isn’t discoverable via their phone number by unknown individuals. Tools like Privacy Checker can assist you in tailoring the optimal protection settings for various devices and platforms.

Remember to install a digital parenting app as well. This will empower you to curate content, monitor the amount of time your kid spends on specific apps (and set limits if needed), and track their current location.

How to introduce a new device into a child’s life?

Walk them through the device’s functionalities as well as the potential dangers when gifting them a new gadget. This is an opportune moment to explore its features and understand its potential pitfalls.

Craft a set of family usage rules together. In this conversation, it’s important to foster an understanding and consensus about the responsibilities and expectations tied to device ownership. To ensure a healthy balance, establish tech-free zones and times — perhaps during dinner or the hours leading up to bedtime. Designate moments for non-tech hobbies like reading, outdoor games, or puzzles, which can act as beneficial alternatives to screen time. Periodically revisiting and refining these rules as your kid grows and technology advances is key.

And remember — unless a kid shows a healthy level of engagement with real-life activities and in-person socializing, don’t introduce a smartphone or social media. One way they can earn a device is by showing that they’re capable of doing the “non-negotiables” regularly and consistently. These include sleep, exercise, homework, socializing, eating healthily, and wakeful resting periods.

How to talk to a child about online safety?

Encourage open communication from the outset. Engage junior in conversations about their online experiences — ensuring they feel safe to share both the good and the bad experiences.

Stay up to date with the latest digital trends and threats as well as high-profile cyberbullying or data breaches. Share this information with your child in a way they understand. You can learn the latest cybersecurity news via our blog.

Bring up the permanence of online actions. This includes how things shared online stay there forever and can affect their reputation and future opportunities. Kids should be especially careful about information they share about themselves: never giving out their address, geolocation or login credentials and passwords. Additionally, they should avoid using their real names as user IDs, as these can be potential clues for attackers to discover their other social media accounts. Help them understand the concept of privacy and the potential risks of sharing too much information.

Teach your kid that accepting friend requests from unfamiliar individuals in real life should be avoided. It’s crucial to explain that if someone they don’t know is persistently trying to find out personal information about them or their parents, it’s a cause for concern. Your child shouldn’t feel they’re being rude or impolite if they don’t respond to a request for friendship. In social networks, just like in life, there needs to be privacy.

By having such conversations and educating your children about online risks in a non-confrontational manner, you raise your kids being more likely to approach you when they encounter something questionable online. You should make sure they maintain a stance of curiosity — not judgment or fear. Your reactions will determine how open they feel about sharing in the future.

And a digital parenting app serves here as a valuable tool to enable you to monitor your kids’ online searches and activity, ensuring a safer online experience.

What are the main risks I should tell my child about?

In our digital age, kids are vulnerable to cybercriminals, often because they’re unfamiliar with essential cybersecurity principles and common scam tactics. It’s our duty as guardians to educate them on these matters before they inadvertently fall prey to them.

For instance, guide your kid in identifying deceptive commercials, bogus survey requests, counterfeit lotteries, and other schemes that can jeopardize their personal data. Help them grasp the reality that, while it might be tempting to download a Barbie movie ahead of its official release, offers like these could be ploys by cybercriminals aimed at pilfering data or even siphoning money from their parents’ cards. A reliable security solution can detect and block any phishing websites or any malicious software.

Instill in your child the habit of being critical and cautious when online. Teach them to pause before clicking when it comes to dubious links, unfamiliar email attachments, or messages from unknown entities. Discuss the appropriate permissions apps should have on their devices. For example, there’s no valid reason for a Calculator app to request geolocation access.

Make conversations about cybersecurity more enjoyable and interesting by discussing the topic through games and other entertaining formats. Most importantly, instill confidence in them to approach a trusted adult when faced with unsettling or suspicious situations online.

How to check that you’re prepared?

Once a gadget appears, your family’s life will inevitably undergo a transformation, as your kid will be drawn into the realm of the internet. Rather than forbidding it, it’s advisable to guide them on proper online behavior — if used correctly, a gadget can really help kids learn and grow. However, this can only happen if they know when and how to alert their parents about any online threats they come across – whether they’re receiving strange messages from adults, requests for personal information, or stumbling upon phishing sites.

Learning, however, is a gradual process, and it doesn’t guarantee perfection from the start. Mistakes will naturally occur, such as your kid accidentally downloading malware or engaging with suspicious individuals or struggling with screen time management. Nonetheless, your role as a parent is to provide support and assistance in their learning process. Only this way can you help your child be safe online.

To get ready for the challenge, we suggest taking a peek at our complete handbook for parents about getting your kid’s first gadget.

What should I do before give a gadget to my kid?

1. Create a child account
2. Disable in-app purchases
3. Install essential apps
4. Adjust app privacy
5. Use a digital parenting app (like Kaspersky Safe Kids)
6. Set age-appropriate filters
7. Block unknown calls

How do I introduce a new gadget to my child?

1. Establish family rules and good tech-habits
2. Create tech-free zones and times
3. Promote non-tech activities
4. Limit your kid’s phone usage during:
   • meals
   • bedtime
   • family gatherings and outings
   • homework and studying
   • hosting social gatherings
   • engaging in outdoor activities
   • morning routines

What online safety rules should my child know?

1. Set clear ground rules about what they can and can’t do online
2. Teach them privacy basics and tell them about the risks of oversharing
3. Emphasize that they should never share personal info or login details
4. Advise children to use non-personal usernames

What are the main online risks I should tell my kid about?

1. Watch out for phishing scams
2. Avoid unauthorized game downloads
3. Ignore intrusive ads and surveys
4. Exercise caution regarding links and email attachments
5. Seek help if uncomfortable or suspicious regarding something online
6. Use unique passwords, and consider Kaspersky Password Manager  for security

How do I help my children avoid online strangers?

1. Telling them to say no to unknown friend requests
2. Telling them to become suspicious if someone asks personal questions
3. Maintaining open communication about your kids’ online activities

What online gaming safety advice should I give?

1. Play with friends you know
2. Enable a “gaming mode” for safety
3. Download games only from trusted stores
4. Ignore chat-room links
5. Never share passwords – even with friends

My kid is being bullied on the Internet. What should I do?

1. Listen to them without interrupting
2. Make them feel both safe and understood
3. Take screenshots of harmful content
4. Discourage retaliation
5. Update privacy settings, change passwords, block or report the bully
6. Report to the school
7. Consider professional help for stress-related signs

My kid is bullying others online. What should I do?

1. Stay calm, gather evidence, and understand the context
2. Get your child’s side of the story
3. Help them see the impact on others
4. Encourage an apology to the victim
5. Without being overly invasive, consider using digital parenting apps
6. Promote responsible online behavior
7. Seek professional help if necessary

What questions should I ask my child to ensure their online experience is safe?

1. What’s interesting online today?
2. Anything confusing encountered?
3. Do you chat or game with strangers?
4. How do you choose what to share?
5. Have you ever felt uncomfortable online?
6. Are there any new apps or websites you enjoy?
7. Do you know how to handle inappropriate messages?
8. Have you ever seen someone being unkind online? How did you react?

How do I monitor my kids online without invading their privacy?

1. Talk about their online experience
2. Engage in their online activities together
3. Use safety-focused parenting apps
4. Explain why certain controls are needed
5. Shift from monitoring to mentoring
6. Stay updated on digital trends and share insights

What are signs of a negative impact of devices on my kids?

1. Lower grades
2. Less physical and social activity
3. Eye strain, poor sleep, bad posture
4. More irritability, withdrawal
5. Neglecting hobbies, responsibilities
6. Anxiety, depression, low self-esteem
7. Shorter attention span, memory issues

We’ve explored the crucial steps for empowering both you and your child in the digital realm. For your convenience, download our PDF handbook — a practical resource to help you navigate your child’s tech journey with confidence.

Now, if you were raised in the 80s/90s and are a little bit like me, there’s a chance that your parents didn’t always see these letters/results and the letters maybe had a forged signature or two. To be fair, karma caught up with me on a few occasions and my son wrote a note to his teacher once as well signing it with “Love, name redacted’s Mom”.

While my son’s note gave all involved a chuckle, in all seriousness, technology has now enabled communications between parents and teachers and also teachers and their students. Likewise, there are multiple ways for students to connect with other students. With all these tech-enabled communications for school, there are multiple “human element” fail points – so being a security company with a blog, we’d be remiss not to offer some tips to keep you and your kids safe and sound.

Parent to teacher

Who remembers the pandemic? You know, the one that introduced us to the lovely world of remote learning. At the time, it was nice to see how the educational system was flexible enough to embrace technology quickly and assure that the kiddos’ education could continue.

Fast-forward a few years to today and the technology still has a firm grip within the school systems. As a resident of the U.S., my children are now using Chromebooks vs textbooks and there are various apps that the teachers use to keep us up to date on progress. There are a number of these apps and they’ll vary from case to case, but ours are Remind and Google Classroom.

While these platforms are very integrated and easy, they still also tie into emails. So parents should be extra careful to make sure that the sender and the links within mails aren’t malicious.

Student to teacher

The above-listed apps are also used for students to communicate with teachers; however, they also have the added level of an internal email that could be used to communicate with the teachers directly. While email in Google’s ecosystem should be locked down and be more of an internal messenger, it’s good practice to let kids know they should be cautious of what they’re sending to teachers, as well as the links that teachers are sending along that direct them outside their school’s ecosystem.

Student to student

Perhaps the most tricky part of kids going to tech-enabled school is that we live in a tech-enabled society. This means that (almost) everyone has a smartphone or other connected device and the ills that come with them – including messaging apps, social networks, a camera and SMS.

Perhaps the biggest risk that we have when discussing schools and tech is the phones within the pockets of our little ones. There are simply too many avenues for sharing that our kids can take advantage of. As parents, we need to make sure that we have them set up with a device that’s secure. And before you say it, NO – the device is not secure out of the box, despite marketing messaging. You should make sure that you install a reliable security solution on any device your kids use to help add in a layer of extra protection. Here are some tips that can help further securing the phone.

Sharing is not always caring

This final tip is for both parents and kids. Repeat after me: Sharing is not always caring.

While many applications provide the ability to share what you’ve received via various channels, when it comes to schooling, this should be avoided. Also, as mentioned, our phones are the biggest risk to us.

We literally have at our fingertips the ability to broadcast our opinions, thoughts, pictures, videos…  even what we’re doing on the toilet in real time and to the whole world. Sure, this is empowering, but it is also something that could come back to hurt us.

This is a lesson we need to remember as parents and also to impart to our children. Being prudent is a huge part of life: not everything needs to be shared. We all need to take a minute to take a step back and think about what we’re doing before hitting send.

Now, before I preach to the choir, I’ll admit that I often post stupid things: you can see this on my X, for example; however, I still think before hitting send. As parents, we need to let our kids know that the stuff they post could not only get them in trouble (broadcasting fights, illegal activity, etc.), but also that there are things that could hurt them well down the line in the employment space. As they say… the internet never forgets!

Electronic diaries

Electronic study-diaries and virtual classroom websites are used these days to help administer  the educational process. Educators use them to share lesson schedules, homework assignments, and announcements. And parents can see their kids’ grades, or even chat with their teachers.

The main problem with such web applications is the substandard protection of personal data that’s provided. In 2020, the attorney general of the U.S. state of New Mexico even filed a lawsuit against Google Classroom, citing the company’s alleged practice of collecting personal data from children and using it for commercial purposes. And in 2022, the Dutch Ministry of Education introduced a number of restrictions on the use of Google services in schools for the exact same reason.

Unfortunately, in most cases parents have no control over what services schools decide to use. The story of Google Classroom is by no means the worst. Issues with the service have been openly discussed for a long time, and Google has been forced to take note and beef up its protection. But, as a father of three, I’ve had the (mis)fortune of seeing other electronic diaries in action, where the situation with personal data storage and transfer is nothing if not murky.

What can parents do about this? Asking the school for all details about privacy and personal data usage in all services you need is a good start. And teach your kid how to leave as little personal data as possible on such sites.

Videoconferencing

The covid lockdown was a big eye-opener for many kids: turns out you don’t need to go to school! Lessons suddenly became more fun but for the wrong reasons: my daughter chats with her teacher in one window — and watches a movie or plays a game in another (or on a different device).

Such distance “learning” only adds to the worries of parents. Even before covid, we had to monitor what our kids were downloading, since banking Trojans, spyware and ransomware are forever sneaking in under the guise of legal apps — even in Google Play and other official stores. But at least in school they were less exposed to such threats, because internet usage was not generally a part of in-class learning.

With the distance-learning revolution, however, there are now even more apps on our kids’ tablets for us parents to fret about, as well as unlimited internet use for “study” purposes.

And although the lockdowns are long over, many schools continue to practice distance learning for some classes. Meanwhile, Zoom, Teams, and other videoconferencing platforms remain vulnerable to attacks. The most obvious consequence of such attacks, as before, is personal data leakage. But it can get worse: if a malicious third party were to gain access to a virtual classroom, they might show some decidedly “non-kid-suitable” videos.

And even if parents are versed in the safe hosting of video chats, they are unlikely to be able to influence the school’s choice of tools. Here, too, you should ask the school for an explanation as to why an insecure program was chosen.

In addition, you need to teach your kids the basic safety rules of using such apps. In particular, your child should learn to turn off both the microphone and camera when not required, as well as to blur the background and disable screen-sharing by default. And of course, your child should never accept video chat invitations from strangers — or communicate with any if they do show up uninvited to a video conference.

And it goes without saying that all devices your child uses should be protected with a reliable security solution — one that guards against viruses and personal data leaks on computers and mobile devices, and keeps your kid’s privacy intact. Remember that with your free annual subscription to Kaspersky Safe Kids as part of Kaspersky Premium, in addition to total protection for all devices, you get powerful parental controls over your child’s online activity and offline location.

Kids’ favorite school day is typically the last day of the academic year: the onset of summer and freedom – what could be better? Hell, Alice Cooper even wrote a song about it.

For parents, this day is often dreaded: it leads to their having to add roles of entertainer, chauffer, chef, nanny, etc. to their regular day-to-day parenting tasks and/or employment. Parents’ fave school day of the year is the one kids dread the most – the first day of school!

While my colleague Alexey Andreev gave some good back-to-school tips the other day, I wanted to take an approach that’s more reflective on the things that I’ve helped my kids with, and which I hope might help other parents – especially given how interconnected devices are now in the learning experience.

Online decorum

Let’s face it, our kids are going through life in a way that was quite frankly unimaginable – or science fiction – to us as we were growing up. I’m in my 40s, so my younger years saw computers only starting to appear in homes, and internet was dial-up. We learned as the platforms and technology grew.

However, our kids have been online in some way, shape or form since they came into the world (true “digital natives”). You more than likely posted pics of your new baby as a semi-internet brag (no shame there). But for kids, both the internet and digital devices have always been an integral part of their lives – and are tied to the classroom as well.

As the new school year kicks off, it’s good to remind our kids that online conversations are similar to those that take place in person – albeit behind a computer screen. While we all know that there are nuanced differences – kids are smart and will learn this – it’s important to let them know that there are consequences for actions done online – just as offline. Quite simply for parents, this should mean letting them know how to be good human beings both offline and on.

Devices: when to use them – and when not

We held off on getting our kids mobile devices. We felt that reaching middle school was the right time, since they were across town and had many afterschool activities; however, this of course varies from family to family.

Similar to Peter Parker’s powers, a phone is the ultimate tool for kids: they can connect to anyone at any time. As parents, it’s our job to balance “power and responsibility” for our kids, and not only preach about when it’s OK to be on their devices at school, but also when they shouldn’t be on them. This can be while hanging out with friends, at the dinner table, and anywhere in-between.

There are rules – and there are consequences if they’re not followed.

Parental controls

If our kids don’t follow the mobile device rules at school, there’s a good chance they’ll have the device confiscated. However, we also need to make sure they know what’s OK and what’s not OK regarding what’s done on their phones – from apps used to sites visited.

To do this, there need to be some restrictions set by parents. Now, in no way should this be done sneakily. It should be some kind of pact with the kids where they’re aware of why the restrictions are needed. Some parents do it by knowing their kids’ passwords and always being able to look at their devices, but for us – we wanted something a bit more manageable and that we could show to our son.

For us, this was a combination of Google Family and Kaspersky Safe Kids. We feel each of these offer adequate options, but we wanted both – for an added sense of ease.

Each week we look at the stats, what he’s done online, and also ask him why he wants to install a given app if it seems to make sense. We’d done earlier this with his Chromebook, too, so he was already used to the “format”.

Looking at the numbers allows us to ask why he spent so much time on this or that, and show him that while we don’t look at all sites and videos he’s watched on YouTube, we could. He appreciates this. However, we also showed him that we’re able to lock his devices – so he’d better stay on point!

Free Wi-Fi! Or is it?

While we can help our son understand the ways to be a good human online, one thing that we have to continue to teach him is security.

Perhaps the most important is about Wi-Fi – it’s often “free” everywhere, and faster than mobile, so wanting to connect is understandable. We stress to our kids the hidden dangers of Wi-Fi (email and/or phone number submission, etc.), as well as the potential for malicious actors messing with Wi-Fi access.

While it’s common to think “no one wants my info” or “who cares who sees what I am doing online”, it’s still something that we need to help educate our kids on (for example, through useful Kaspersky resources; see the below list of links). Free is not always the best – especially when it comes to the choices of data trading.

I believe that if we teach kids about thinking through connecting to Wi-Fi with questionable provenance, this knowledge will eventually spread to their networks of friends and classmates – and hopefully to a smarter and more secure next generation online.

No matter what you do with your kids when it comes to devices (we don’t judge), we hope that you’re taking security and safety into consideration. If you need some more tips, take a look through the articles below:

• Back-to-school threats: gadgets
• Keeping kids safe: a new variation on an old theme
• Protecting teens’ mental health on social media
• How to protect your credit card from small kids or from a young gamer
• How to help children adapt to the digital world
• How to set up good parental control

P.S. All these tips are also good for parents as well.

In this series of posts, we explain what cyberthreats should be front-of-mind for parents in the new school year. Let’s start with the fundamentals, with the hardware — that is, with securing the devices that today’s schoolchildren can’t (or can) live without.

Geolocation, or “where are my kids?”

When I was in school, the only way my folks could track my class-skipping was from the attendance register. Today, parents have it easy in one sense: they can keep a close eye on their kids using smart gadgets. The downside, of course, is that those parents are becoming obsessed with their little ones’ whereabouts and physical safety. Even tiny tots can be watched over by a baby monitor or even a doll. And to oversee school attendance, parents offer their offspring smartwatches and other wearable trackers.

There are security issues common to all these devices. First, in the rush to bring their products to market, developers often fail to test them for vulnerabilities. Second, many of these new devices have uncommon architectures. This can means that either there are no antiviruses for them, or there’s no available interface to put a security solution in place.

This plays rights into the hands of hackers, who can connect to a smartwatch and spy on the wearer, or download a Trojan onto it to steal valuable data.

In addition, a smartwatch or tracker is yet another device you need to buy, monitor its battery, wrestle with the settings… But wait! Your child probably has a smartphone already, right? (To keep it safe, check out our step-by-step guide on how to ensure its security.) So that means you can install the Kaspersky Safe Kids app (available for iOS and Android), which, among other things, lets you monitor your child’s movements in real time. The map simultaneously displays all of your children’s devices, together with the battery level of each, so you can see at a glance where all of them are and whether you need to call someone to get them to recharge their phone.

The Kaspersky Safe Kids home screen shows both where your kids are and how much charge is left on their phones.

By the way, you can now get Kaspersky Safe Kids free with a Kaspersky Premium subscription to protect all of your family members’ devices from just about any threat.

Gadgets for study? We wish…

With the transition to digital teaching aids, parents face the question of which device to get for their kids. A mobile phone won’t do: small screens hurt the eyes. And to write essays you need a normal keyboard.

A shiny new iPad or MacBook Air, then? If it’s a junior schoolchild we’re talking about, bursting with energy, I wouldn’t advise it. An expensive tablet or laptop is likely to get smashed, along with your nervous system. Don’t even ask how many broken screens I, a father of three, have had to replace already. These troubles end only (if you’re lucky) when your kids become teenagers, when they’re likely to start to take more care of their devices — probably due to FOMO, since at that age social life is everything, and for today’s youth a huge part of it takes place online.

Maybe give your kid a hand-me-down laptop or tablet? Your wallet would appreciate it, but it’s not a win-win. Your old devices need to be scrubbed clean (digitally at least) before they get anywhere near your kids. For tablets and mobile devices, a full reset of all settings and data is best; for laptops — reinstall the operating system. And clear all traces of your Apple or Google IDs if you don’t want to repeat my wife’s experience: she gave our daughter her old tablet, which was still logged into all her accounts… linked to her bank cards… So after just a few minutes of play, our daughter went on an online shopping spree!

Another option is “school” tablets and laptops, which are simpler and cheaper models. Some of them, like Chromebooks, are even positioned as more secure. That said, many threats — such as fake browser extensions, hidden cryptominers, phishing/malicious websites — affect Chromebooks, too.

Wi-Fi freeloading is dangerous

A lot of parent-child conflicts these days stem from kids spending too much time online or visiting inappropriate sites. The most common method of control is to limit both screen time and screen access with the help of a parental control app such as Kaspersky Safe Kids. But some parents think it’s enough to just impose general internet-wide restrictions: when the paid-for data allowance runs out — no more access.

But this simply encourages children to look for free access on the side. And they’re sure to find it! Either a friend will set up a Wi-Fi hotspot on their iPhone right there in class, or a nearby cafe will let anyone connect without a password. Needless to say, it’s easy to stumble across a fake access point and fall victim to scammers.

There are two ways to overcome this problem. The radical option is to ban connections to unknown Wi-Fi networks on your child’s smartphone and block access to settings by means of an additional security code (for Android smartphones when using Kaspersky: Antivirus & VPN) or Parental Control. This should work for younger schoolchildren.

With teens, bans are likely to fail. So you’ll have to adopt the more liberal option of teaching your child the rules of safe Wi-Fi use. In particular, they need to know that a VPN is not just for anonymous browsing of dubious sites, but for encrypting the connection even when using unsecured Wi-Fi.

Get maxed-out protection

But no matter how you explain the rules of cybersecurity to your kids, remember they’re a lot younger and naiver than you, and therefore more vulnerable to online scams. That’s why it’s imperative to install and configure a reliable security solution on every single device you give them — one that will protect your kids not only from viruses, but also from phishing, spam calls and data leaks, as well as mindfully guard their online privacy.

Parenting is becoming harder with every new year: the number of gadgets kids use is increasing, while younger brothers and sisters seem to catch up with astonishing speed — leading to their getting devices of their own. And Kaspersky Safe Kids needs to keep up with the times — to keep on developing and improving; which it does! An updated version of Kaspersky Safe Kids for both Android and iOS is now available to all users, and it makes parents’ busy lives noticeably easier.

Keeping your kids where you can “see” them

The Kaspersky Safe Kids main screen on the parent’s phone provides instant visibility of kids’ current status.

Parents’ most frequent concerns are their kids’ safety and location, so the main screen puts a map front and center. This displays all kids’ devices and their battery levels so you can tell at a glance where your offspring are, or if it’s about time you called them to tell them to go find a charger.

Settings for your kids and their devices are arranged as a strip with two rows: you select the child’s name above and the device, below.

Updated Kaspersky Safe Kids main screen.

The main screen is composed of widgets, which you can move around to suit your digital parenting priorities. If you’re mainly concerned about what a child is doing most of all on their phone, you can raise the screen time counter to the top and track the apps most time is spent on.

How does your child use their screen time?

If your priority is keeping age-restricted content away, a tap of a button right on the main screen will display the My Kaspersky website with detailed reports on websites visited and videos watched.

These are some of the customizable widgets:

• child’s requests for app launches and website visits
• total screen time
• detailed activity graph showing when various gadgets (phones, computers, and tablets) were used
• favorite apps and time spent in these
• web-search history
• website-browsing history
• YouTube search and watch history
• remote device block with one tap (except calls and allowed apps)

Tapping on a widget opens settings or detailed reports.

New tips

According to many parents, tried-and-tested advice is their biggest helper: tips from pundits, teachers and psychologists, and lifehacks from other parents. Kaspersky Safe Kids has long provided expert recommendations on how to talk to children about cutting down on screen time, obnoxious content on the web, and so on. The tips now cover a broader range of topics and use vivid icons on the home screen below the map (Instagram stories, anyone?), so you are sure to notice them.

Updated Kaspersky Safe Kids options.

Being honest with your kids

We are unwavering supporters of honest conversations between parents and their kids when it comes to setting limits — a subject that hardly any children have much enthusiasm for. The kids’ version of the app used to have only an administrative interface, which parents alone could log in to. The latest version of Kaspersky Safe Kids updates kids’ main screen experience: the child can now check how much screen time is left for the day, and how parents responded to their requests to visit a website or open an app. We’ve made the main screen look a bit playful too — something that kids between the ages of six and twelve tend to like.

Updated main screen for children in Kaspersky Safe Kids.

In general, the updated mobile versions for both iOS and Android have become much more convenient while retaining the most important thing — reliable protection — thanks to which Kaspersky Safe Kids has received the Approved Parental Control Software certificate from independent test laboratory AV-TEST for seven years in a row, blocking almost 100% of inappropriate content.

By the way, instead of just blocking every website or type of content, we recommend that you talk to your child about building healthy digital habits. Let’s be honest — those are something we as adults could use too.

PS: Kaspersky Safe Kids is now included for free for a full year’s use in our new Premium subscription!

Although children spend less time playing online games than adults, they remain one of the most sought-after targets for cybercriminals: after all, a kid can often easily lead you to their parent’s bank card.

Free cheese still smells nice

One of the most common scams targeting young gamers takes the form of an offer to generate in-game currency for free. That’s because kids today would rather get in-game currency from their parents than pocket money. To be the coolest-of-the-cool in pretty much any online game, you need virtual coins, and lots of them — such as V-bucks in Fortnite or Robux in Roblox. To avoid having to ask their parents to fork out, children are always on the lookout for free coins, which makes them vulnerable to cybercriminals.

Relying on most children’s rudimentary knowledge of cybersecurity, scammers don’t even bother with clever schemes: they literally spell out what data they want from their victims. For instance, on one phishing site that pretends to generate gems — the currency of the popular children’s game Brawl Stars — users are asked to answer just four questions to get as many gems as they please. As well as the desired number of gems and their in-game name, the user also has to hand over the e-mail address linked to the Supercell online game store and, guess what, the password for it! Why the young gamer needs to share this data, the creators of the site never explain.

Now in possession of the victim’s e-mail, the attackers can get a security code to log in to the Supercell account and hijack it by changing the password. So, instead of picking up lots of free gems, the unfortunate player may lose both their mail account and all their accumulated experience and currency in Brawl Stars.

Free cheeeeeese!

Other scams are even more primitive. One site we found invited users to download Valorant cheats that give an advantage over other players, together with a detailed installation guide.

One of the instructions was to disable all antivirus software before installing the file — otherwise the cheat would be flagged as a false positive and not be installed. The executable file is packed in a password-protected Winrar archive, the contents of which cannot be checked by the antivirus before unpacking, and it must be “Run as administrator” so that the virus gains full access to the victim’s computer. The longer the victim’s antivirus is disabled, the more data the scammers can potentially pump out. It helps if the child has their own computer, but what if it’s a shared home computer full of parental data, including passwords and bank card details?

The winner takes it all. From your PC.

Almost any adult would smell the cheese in the mousetrap, but to kids who know little about cybercriminal tricks, nothing feels off. Statistics show that malware disguised as Minecraft or Roblox was downloaded 3–4 times more often than games for mature audience. For more examples of child-targeting scams, see our threat report for young gamers.

The more experienced the player, the trickier the scam

To fool hardcore gamers, scammers have to be far more sophisticated. Targeting an adult audience, they create phishing sites that mimic 18+ games, such as GTA Online. But the result is the same: the victim is either scammed out of their data and game account, or asked to take an online “I’m not a robot” test, with the offer of a prize — for example, the latest iPhone or a PlayStation 5. Only, to receive it, a small commission needs to be paid. And as you may have guessed, after paying this the gamer gets no prize and may compromise their bank card instead.

Haven’t you seen the “Grand Theft” inscription? You were warned…

Also this year, cybercriminals have learned how to mimic the in-game stores of such popular games as CS:GO, PUBG, and Warface. To get a good skin at a low price, victims had to enter their credentials for Steam, or even for social networks like Twitter or Facebook. As soon as they entered this data, their account fell straight into the hands of the cybercriminals, and all the skins and artifacts there were sold to other gamers.

A farewell to arms

Another common trick is to offer bundles (tens or even hundreds) of licensed games for peanuts. But this meager sum must be paid from your bank card. Or you can get a “Battle pass” for free, but to confirm, say, your age, you need to give the numbers on both the front and back of your credit card. No prizes for guessing that this data will most likely be stolen and then sold on the dark web.

It won’t ever be as cheap as this! Oh, wait…

How to protect yourself against such threats?

Whether you’re a rookie or hardcore gamer, the threats you face are the same, and it’s worth knowing how to guard against them:

• Use strong passwords — a unique one for each account. Then, even if one of your accounts is hijacked, the others will still be yours. Don’t trust your memory? A password manager can help.
• Protect your accounts further with two-factor authentication.
• Use virtual bank cards and refill their balance exactly for the purchase amount. By entering the numbers from your bank card, you risk losing all the funds you have there. And remember that a bundle of licensed games selling for a song is a reason to be wary.
• Install a reliable antivirus solution on your computer — one that works seamlessly with Steam and other gaming platforms.

Kaspersky's antivirus products have a special game mode that automatically activates when you start games. Antivirus database updates, scheduled drive scans, and notifications are suspended in this mode, but protection continues to run in the background. Which means:

• your system is securely protected from any malware;
• your personal data is monitored for leaks;
• your passwords are stored in a secure, encrypted vault;
• all links you follow are checked for scams and phishing;
• your IP address is hidden by a VPN, which encrypts transmitted data and, by choosing the right server, improves ping/latency;
• finally, the operating system settings are optimized so you don’t lose a single millisecond of gaming.