A TABLET aimed at young kids and sold in the United Kingdom featured a security flaw that let hackers snoop on vulnerable tots.
A security watchdog has uncovered a bug that granted cybercriminals full control of the InnoTab Max, allowing them to listen to children, talk to them, and watch them through the device’s webcam.
The gadget costs £115 and is marketed as a ‘safe’ tablet for children aged three to nine, as it only allows access to sites that have been pre-approved by a parent.
VTech, the Chinese firm behind the device, has released a software update that it claims has resolved the shocking flaw.
The company sells tablets that give parents and carers the opportunity to restrict access to websites at their own discretion.
Researchers at London cybersecurity firm SureCloud say a vulnerability made the InnoTab Max vulnerable to attack should one of these approved sites be compromised by hackers.
It allowed cybercriminals to take control of the device using malicious code embedded into one or more of the pre-vetted websites.
Luke Potter, SureCloud’s cyber-security practice director, said hackers would have only needed simple ‘off-the-shelf’ malware available from online criminal markets to instigate an attack.
VTech said it had fixed the issue, and urged parents to download the latest update to the tablet’s software to black hackers’ access.
« We thank SureCloud for bringing this vulnerability on the Storio Max, which is called InnoTab Max in the UK, to our attention, » the firm said in a statement.
How to talk to your kids about online safety
Here’s official advice from the NSPCC…
- Talk to your child about what ‘personal information’ is – such as email address, full name, phone number, address and school name – and why it’s important
- Explain simple ways to protect privacy. For example, avoiding usernames like birthdates or locations that give away too much information
- Discuss images and photos, and what might be appropriate. Help your child understand how photographs can give people a sense of your personality, and that sharing the wrong kind of image can give the wrong impression
- Explain that it isn’t easy to identify someone online. People aren’t always who they say they are, so don’t share personal information. If it’s someone who genuinely knows your child, they shouldn’t need to ask for personal information online
- Tell your child that if they’re in any doubt they should talk to you first
« We took immediate action in early summer to resolve the issue and pushed out a firmware upgrade to all affected InnoTab/Storio Max devices in Europe.
« Since then, pop up messages will appear on the device from time to time to prompt the device owners to perform the upgrade until it is done.
« Furthermore, most recently, for those users in Europe who have still not performed the upgrade, an email is being sent urging them to do so.
« We are not aware of any actual attempt to exploit the vulnerability and we consider the prospects of this happening to be remote. »
What do you think parents should do to better protects their kids from cybercrime?