Parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed them to identity theft after Hong Kong-based VTech said hackers stole the personal information of more tha
Parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed them to identity theft after Hong Kong-based VTech said hackers stole the personal information of more than 6 million children.
The breach underscores how digital products aimed at kids often have far weaker security than other computer products, and may pose a threat to a booming industry. Shipments of toys that connect to the
Internet will rise 200 percent over the next five years, according to estimates by UK-based Juniper Research.
It's not clear what the motive was for the VTech breach nor whether it has resulted in any identity theft so far. Still, it's a warning for people who don't understand how much data and sensitive information is in a child's toy.
-"The last thing you would ever imagine is that a toy manufacturer would lose your child's identity,-" said Liam O'Murchu, a Symantec Corp (SYMC.O) researcher known for his work dissecting complex malware produced by nation states. -"This shows that it's harder and harder to do things safely online,-" he said.
In VTech's case, buyers of the company's cameras, watches and tablets are encouraged to provide names, addresses and birth dates when signing up for accounts where they can download updates, games, books and other content.
VTech said the hackers compromised its Learning Lodge app store, which provides content for children's tablets, and its Kid Connect mobile app service that lets parents communicate with those tablets.
Toys that gather data on the user, like VTech's line of cameras, watches and tablets and their associated websites, will grow by 58 percent annually, according to Juniper.
That category includes dolls like Mattel Inc's recently introduced Hello Barbie, which connects to home wireless networks and communicates with servers to enable conversations by uploading audio and getting responses from the cloud.
Mobile security firm Bluebox and independent security researcher Andrew Hay on Friday disclosed that they had jointly uncovered multiple vulnerabilities in iOS and Android apps that work with the device, as well as its cloud servers operated by technology partner ToyTalk.
