Monday, December 21, 2015

Hacking VTech: UFC Que Choisir filed a complaint against the manufacturer – ZDNet France

In early December, the manufacturer of electronic toys and connected VTech confirmed an intrusion into its database of its application store Learning Lodge

First, we learned that the attackers have published data sensitive such as photos
 children and relatives taken by some toys with cameras
 selfies. Conversations from a chat application
 allowing children to discuss with their parents (via
 smartphone application) were also compromised.

In addition, the name, sex and date of birth of children, and for parents,
 name, mailing address, email address, passwords and
 personal questions to find them and the address
 IP were hijacked.
 

Later we learned that finally 6.4 million children accounts were compromised. The attack
 against
 VTech is one of the largest in 2015 – behind Ashley Madison
 however, and its 30 million hacked accounts.

In a statement, VTech said the affected customers
 were mainly in the United States, then in order
 France, UK, Germany, Canada, Spain,
 Belgium and the Netherlands.

Taiwan’s toys are very popular in our country. One then understands better why the consumer association UFC Que Choisir, which is called “outraged” by the case decided to take over the case and file a complaint against the manufacturer to the high court of Versailles.

“Hard to believe that a company as large and as” connected “as VTech has not sufficiently secure databases. However, the hacker claims to have used a fairly simple method to break into VTech servers.! SQL injection This method of intrusion, of great simplicity, is identified for almost 13 years … And it can easily be defeated if simple protection rules are implemented. It is clear that the action of a single hacker was enough to violate the VTech servers and retrieve, nose and beard of the company, the data of nearly 6 million children worldwide, including 1 million French children! In addition, VTech has not detected the intrusion suffered before being interviewed by the press “, asserts the UFC.

He continued: “In an increasingly digital environment data greedy and dangerous for the protection of privacy, the fault appears to have been committed by the company VTech is intolerable (…. ) Concerned about the real risks to privacy, UFC-Que Choisir does not intend to remain inactive side violated the rights of millions of French consumers. “

Remember that the writer of this attack may well be a young British 21
 years according to the BBC. The English police investigating this case
 confirmed having arrested a suspect in Berkshire. It is suspected “of unauthorized access to a computer to facilitate the commission of an offense” written police.

Read also on ZDNet.fr: Give a connected toy: a bad idea gift for Christmas

LikeTweet

No comments:

Post a Comment