VTech flag imperfections of the tablet after the BBC Watchdog probe - BBC News

Innotab MaxAuthor's image
VTech

Image caption

VTech allows parents to determine which sites their children can visit with the tablet

The VTech website, a gadget maker for children, is promoting a security solution for its flagship tablet, following a BBC Watchdog Live survey.

The Storio Max – which is called InnoTab Max in the UK – suffers from a software flaw that could allow hackers to take remote control of the device and spy on their users.

VTech was alerted of the vulnerability months ago by a UK computer security company.

The Chinese company has issued a correction but some parents have not yet installed it.

The notice at the top of his homepage and the broadcast of the BBC program should ensure that the problem becomes more apparent.

Previously it was based on pop-up alerts that appeared on the devices themselves to push owners to action.

VTech said it was also contacting resellers who sell affected units.

The issue came to light almost three years after the company was criticized for its management of a separate cyber security incident that exposed millions of details of its minor client accounts.

Vtech markets Max tablets for children between the ages of three and nine.

"This was a" controlled and targeted ethical attack "by … a sophisticated IT company that had a detailed understanding of InnoTab / Storio Max's hacking techniques and firmware," VTech said in a statement on the last incident.

"We are not aware of any actual attempts to exploit the vulnerability and consider the prospects of this remote event.

"However, child safety is our priority and we are constantly trying to improve the safety of our devices."

Hacked webcam

Max Vtech tablets are designed to allow parents to restrict their children to websites they have personally approved.

Author's image
VTech

Image caption

VTech markets the tablets as suitable for children of three years

But at the start of this year, SureCloud researchers, based in London, discovered a flaw in the company's software that, in their view, were vulnerable to attack if one or more pre-sites -controllati had been compromised.

"Finding the vulnerability in the first place was not easy," Luke Potter, director of information security practices at the company, told BBC News.

"But to really exploit it once you know it's there, it's pretty simple."

The defect indicates that the malicious code can be activated remotely to run on devices from a distance.

Mr. Potter said that this could result in the use of "ready-to-use" malware available from criminal markets or custom code execution.

"Remote access can be acquired without the child knowing," he explained.

"So effectively be able to monitor the child, listen to them, talk to them, have full access and control of the device.

"For example, we have shown to visualize things through the webcam."

"Strict tests"

Mr. Potter said that, after informing VTech of the problem, it was quick to publish a software solution in May.

VTech boasts its security credentials on its website, stating that "through rigorous testing, we maintain strict control and supervision over the quality of our products".

Author's image
VTech

Image caption

SecureCloud said the problem was in the VTech software and not in the underlying Android system

He told Watchdog Live: "We thank SureCloud for bringing this vulnerability … to our attention.We took immediate action at the beginning of the summer to solve the problem and we decided to update the firmware to all devices InnoTab / Storio Max interested in Europe. "

The company added that it recently sent an e-mail to European owners who had not upgraded to invite them to do so.

But until the BBC Watchdog Live was involved, VTech had not specifically warned customers about the security vulnerability or the risks it entailed.

An "update reminder" on its website is now more explicit and provides a detailed guide illustrated for the application of the correction.

However, Mr. Potter said the problem could have been picked up earlier if the tablets had been subjected to more thorough checks before being put on sale.

"Any cyber security company that follows a best practice approach to testing these devices … may have identified this problem," he said.

The full report on the vulnerability can be seen on Watchdog Live tonight at 2000GMT on BBC One.

Leave a comment

Send a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.