{"id":5118,"date":"2018-12-05T11:11:01","date_gmt":"2018-12-05T11:11:01","guid":{"rendered":"http:\/\/www.styledeals.co.uk\/blog\/vtech-flags-tablet-flaw-after-bbc-watchdog-probe\/"},"modified":"2018-12-05T11:11:01","modified_gmt":"2018-12-05T11:11:01","slug":"vtech-flags-tablet-flaw-after-bbc-watchdog-probe","status":"publish","type":"post","link":"https:\/\/www.styledeals.co.uk\/blog\/vtech-flags-tablet-flaw-after-bbc-watchdog-probe\/","title":{"rendered":"VTech flags tablet flaw after BBC Watchdog probe"},"content":{"rendered":"\n
\n
<\/p>\n

\"InnotabImage copyright<\/span>
\n VTech<\/span><\/p>\n

<\/span>

Image caption<\/span>
\n
\n VTech allows parents to determine which sites their children can visit with the tablet
\n <\/span>
\n <\/figcaption><\/figure>\n

Child gadget-maker VTech’s website is promoting a security fix for its flagship tablet, following an investigation by BBC Watchdog Live.<\/p>\n

The Storio Max – which is called the InnoTab Max in the UK – suffers a software flaw that could allow hackers to remotely take control of the device and snoop on its users.<\/p>\n

VTech was alerted to the vulnerability months ago by a UK cyber-security firm.<\/p>\n

The Chinese company issued a fix but some parents have yet to install it.<\/p>\n

The notice at the top of its homepage and the broadcast of the BBC programme should ensure the issue gets more prominence. <\/p>\n

It had previously relied on pop-up alerts that appeared on the devices themselves to prompt owners into action.<\/p>\n

VTech said it was also contacting retailers that are selling affected units.<\/p>\n

The issue has come to light nearly three years after the firm was criticised for its handling of a separate cyber-security incident<\/a> that exposed millions of its child customers’ account details.<\/p>\n

Vtech markets the Max tablets to children aged between three and nine years old.<\/p>\n

“This was a controlled and targeted ‘ethical hack’ by… a sophisticated cyber-firm that was in possession of a detailed knowledge of hacking techniques and InnoTab\/Storio Max’s firmware,” said VTech in a statement about the latest incident.<\/p>\n

“We are not aware of any actual attempt to exploit the vulnerability and we consider the prospects of this happening to be remote.<\/p>\n

“However, the safety of children is our top priority and we are constantly looking to improve the security of our devices.”<\/p>\n

Hacked webcam<\/h2>\n

Vtech’s Max tablets are designed to allow parents to restrict their children to websites that they have personally approved.<\/p>\n

<\/p>\n

Image copyright<\/span>
\n VTech<\/span><\/p>\n

<\/span>

Image caption<\/span>
\n
\n VTech markets the tablets as being suitable for children as young as three
\n <\/span>
\n <\/figcaption><\/figure>\n

But earlier this year, researchers at London-based SureCloud discovered a flaw in the firm’s software that they said made it vulnerable to attack if one or more of the pre-vetted sites were compromised.<\/p>\n

“To find the vulnerability in the first place wasn’t easy,” Luke Potter, the firm’s cyber-security practice director told BBC News.<\/p>\n

“But to actually exploit it once you know it’s there is reasonably simple.”<\/p>\n

The flaw means that malicious code can be remotely triggered to run on the devices from afar. <\/p>\n

Mr Potter said this could involve making use of “off-the-shelf” malware available from criminal markets or running customised code.<\/p>\n

“Remote access can be gained without the child even knowing,” he explained.<\/p>\n

“So effectively being able to monitor the child, listen to them, talk to them, have full access and control of the device.<\/p>\n

“For example, we demonstrated viewing things through the webcam.”<\/p>\n

‘Rigorous tests’<\/h2>\n

Mr Potter said that after his firm informed VTech of the problem it was quick to issue a software fix in May.<\/p>\n

VTech boasts about its safety credentials on its website, saying that ‘”through rigorous testing, we maintain strict control and supervision over the quality of our products”.<\/p>\n

<\/p>\n

Image copyright<\/span>
\n VTech<\/span><\/p>\n

<\/span>

Image caption<\/span>
\n
\n SecureCloud said the problem was in VTech’s software and not the underlying Android system
\n <\/span>
\n <\/figcaption><\/figure>\n

It told Watchdog Live: “We thank SureCloud for bringing this vulnerability… to our attention. We took immediate action in early summer to resolve the issue and pushed out a firmware upgrade to all affected InnoTab\/Storio Max devices in Europe.”<\/p>\n

The company added that it had recently sent an email to European owners who had not performed the upgrade to urge them to do so.<\/p>\n

But until BBC Watchdog Live got involved, VTech had not specifically warned customers about the security vulnerability or the risks it posed. <\/p>\n

An “upgrade reminder” on its website<\/a> is now more explicit and provides an illustrated step-by-step guide to applying the fix.<\/p>\n

However, Mr Potter said the issue might have been picked up at an earlier stage had the tablets been subject to more thorough checks before going on sale.<\/p>\n

“Any cyber-security firm that is following a best-practice approach to testing these devices… would be likely to have spotted this issue,” he said.<\/p>\n

The full report on the vulnerability can be seen on Watchdog Live tonight at 2000GMT on BBC One.<\/i><\/p>\n<\/p><\/div>\n


\n
Source<\/a> by [author_name]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Image copyright VTech Image caption VTech allows parents to determine which sites their children can visit with the tablet Child gadget-maker VTech’s website is promoting a security fix for its flagship tablet, following an investigation by BBC Watchdog Live. The Storio Max – which is called the InnoTab Max in the UK – suffers a … <\/p>\n","protected":false},"author":0,"featured_media":5119,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5118"}],"version-history":[{"count":0,"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5118\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/media\/5119"}],"wp:attachment":[{"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.styledeals.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}