CHINA TOPIX

11/02/2024 12:22:35 pm

Make CT Your Homepage

VTech Faces More Problems; Security Researchers Reveal More Security Loopholes

Toymaker VTech Hacked, Exposed Hundreds of Thousands of Kids and Parents

(Photo : Getty Images) VTech claims that despite the severity and sophistication of the attack, no credit card data was stolen.

Things are getting from bad to worse for toy manufacturer VTech. Following the recent hack that leaked data of more than 6.4 million children and 4.8 million adults which led the company's stock price to drop to its lowest point this year, an investigation launched by security researchers has revealed that the InnoTab Max tablet for kids has two glaring vulnerabilities. VTech is refusing to answer questions about whether the company even has a security team.

Like Us on Facebook

Pen Test Partners security expert Ken Munro is responsible for the discovery of the security loopholes buried deep inside InnoTab. The flaw was easy to spot as it reportedly has already been known to the tech security community for at least two years. The security loophole lies in the Rockchip RK3168 processor of the tablet which allows anyone with access to the device to easily steal data from the tablet's memory using a freely available hacking tool called RKFLASHTOOL.

In his blog post, Munro wrote, "This bug has been known about for well over two years. It's a bit lame of VTech to continue shipping vulnerable tablets, tablets that expose children's data."

Another security flaw discovered by Munro on the InnoTab device lies on the microSD slot embedded on the motherboard that stores user data and filesystem. This type of storage system will essentially give hackers an easy route to access sensitive user data.

According to Forbes, in many ways, VTech did not adhere to accepted security standards. The hack itself that exposed massive amounts of sensitive user data was perpetrated using an age-old hacking technique of SQL injection. VTech's website is also not protect by SSL web encryption and the company is storing user data in unencrypted fashion. Security experts also found out that VTech's Android application, used by parent to communicate to their children, is vulnerable to hacking.

Real Time Analytics