Buy Kids iPhones And Kill Connected Toys — Hacker Advice To Parents After …

1 Dec 2015

On Black Friday, the technology-reporting website Motherboard reported that Hong Kong electronics maker VTech was targeted by hackers. A hacker who broke into connected toymaker VTech’s servers found thousands of pictures of children and chat logs between them and their parents, alongside millions of home addresses, passwords and names.

A beguiling indifference to cybersecurity in Hong Kong may be to blame for the large-scale hacking of customers’ accounts at children’s learning products maker VTech, which marks the biggest and potentially most scandalous corporate data breach in the city since 2011. The electronic toy maker’s app store was hacked last week, exposing the personal information of about five million customers including thousands of children. “There’s certainly accountability on their behalf. The data breach affected the company’s app store, exposing the email addresses, names and passwords of adults, and the first names, birthdays and gender for kids. In a swift response, Hong Kong’s privacy commissioner Stephen Wong Kai-yi said Tuesday an investigation has been launched to look into VTech’s system of collecting personal data and the safeguards used to protect that information. VTech runs an online store called the “Learning Lodge” that sells apps, e-books, and other content for its suite of educational tablets and devices.

The company’s failure to fully encrypt and protect sensitive data (including photos and audio) has left millions of users, including children, vulnerable to personal identification, potential cyber crime or identity theft. A hacker interviewed by Motherboard’s Lorenzo Franceschi-Bicchierai said that they used a “SQL injection” attack, a simple and extremely common hacking technique in which hackers enter commands into website forms in order to make websites serve up the data they are after. The 190Gb worth of images stored on VTech’s servers were taken through its Kid Connect service, which allows parents and children to message each other via its smartphones and tablets. The Office of the Privacy Commissioner for Personal Data is in contact with the Hong Kong-based company for a “compliance check.” While the hacking didn’t access credit card information, the independent statutory body runs checks to determine if websites do enough to safeguard user data.

Such attacks are easy to defend against, but VTech did not have the proper protocols to do so. “It was pretty easy to dump, so someone with darker motives could easily get [the information from VTech],” the hacker told Motherboard in an encrypted chat. The question might become did they take sufficient measures to stop it from being lost?” Parents should ask about a website’s or app’s security before registering personal information. Troy Hunt, Microsoft’s MVP for developer security who assisted Motherboard in their investigation, said that as a father the leak had prompted him to think more carefully about the “footprints I’ll make for [my two children] online”. “I personally have a mixed reaction to this event; I’m upset that someone would seek to take this class of data from a system, yet on the other hand, the data seems to have been very closely held and I hope it stays that way,” he wrote on his website. “But what really disappoints me is the total lack of care shown by VTech in securing this data.

VTech’s legal department is handling those inquiries, though both sides are still in the early stages of communication, Corinna Chan, a spokeswoman for VTech, said by phone. It’s taken me not much more than a cursory review of publicly observable behaviours to identify serious shortcomings that not only appear as though they could be easily exploited, evidently have been. Although the perpetrators didn’t steal financial data, they could use the information to gain access to social media profiles or to target children online, said Bryce Boland, Asia chief technology officer for FireEye Inc. “It may be that this data theft is only the tip of the iceberg,” Boland said in an e-mail. “Until there is a thorough forensic investigation, they won’t know if they can still be sucker-punched in cyberspace.

Despite the frequency of these incidents, companies are just not getting the message; taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people.” Louise Bulman, vice president EMEA at encryption and data security company Vormetric, said the nature of the accessible information was particularly concerning. “VTech has joined the increasingly long line of organisations facing a rather bleak end to 2015, as it becomes the latest to suffer a high-profile data breach. The horse may have bolted, but that doesn’t mean the hacker didn’t move from the barn to the house.” Hackers accessed 5 million customer accounts through VTech’s Learning Lodge database, where users download applications, learning games and e-books. The report said the hacker, who shared a sample of 3,832 image files with the online publication for verification, did not intend to publish or sell the data he obtained from VTech. Experts described the massive hacking at VTech, also known as the world’s largest maker of cordless telephones, as a big blow to Hong Kong’s longstanding efforts to protect personal data.

Lawmaker Charles Mok said many Hong Kong companies “still do not know how to comply with data privacy regulations in Hong Kong”, which came into force back in 1996. When Target was hacked in 2013, compromising the credit card data of some 40 million of its customers, the company chose to focus on the trust and loyalty that its customers, or “guests,” had shown it in the past. “We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target,” then-CEO Gregg Steinhafel said in a statement. “Our brand has been built on a 50-year foundation of trust with our guests, and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.” What’s unusual about this breach is that, according to Motherboard, the hackers do not appear to have malicious purposes for the information they obtained: unlike in other recent data breaches, they decided not to sell the information they collected for a profit online. The attorneys-general in the US states of Connecticut and Illinois have also announced plans to conduct their own probe into the VTech security breach, a Reuters report said.

Michael Gazeley, the managing director at security services provider Network Box, said most Hong Kong firms do not take cybersecurity risks seriously enough.
