If you think that the worse is over for VTech, creators of the now infamous Innotab kid-focused tablets, then you probably had too much faith in the company. Days after the company admitted a hack that exposed millions of parents’ and kids’ data, security service Pen Test Partners revealed that not only is their software unstable security-wise, even their hardware is very easy to attack even by hacking amateurs.
Just last November 30, VTech admitted that their Learning Lodge app’s security protocols were breached by hackers and that the personal details of around five million parents and their children who use the tablet may have been exposed to these nefarious entities. Names, email addresses, passwords, secret questions, almost everything except credit card details, were accessible to the hackers, as well as the children’s names, genders, and birthdays. Just a little more digging and phishing and these hackers would have been able to get much worse information.
Pen Test Partners then decided to test the hardware itself and discovered that even that is susceptible to hacking. The RK3188 chipset that the tablet uses can allow the hacker to put the device in recovery mode and remove all the data stored by the parents and/or children. There is also a microSD card glued to the motherboard where passwords, pins, addresses, and all kinds of data is stored. So if you lost the tablet and someone knows where to find the miroSD card, then you can say goodbye to your data security.
VTech has already taken down the affected apps, which also includes Kid Connect, and an investigation has been started ever since they discovered the hack. But this may already be too little too late for the brand’s reputation and may also spark a debate on the risks involved in getting “cheap” tablets for young children.
VIA: SlashGear
