VTech 切り開く/タクシー/不正アクセス exposes ID 窃盗 危険 in connecting kids to Internet
By Jim Finkle and Jeremy Wagstaff
BOSTON/SINGAPORE, Dec 6 (Reuters) - Parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed them to 身元 窃盗 after Hong Kong-based VTech said hackers stole the personal (警察などへの)密告,告訴(状) of more than 6 million children.
The 違反 強調するs how 数字表示式の 製品s 目的(とする)d at kids often have far 女性 安全 than other computer 製品s, and may 提起する/ポーズをとる a 脅し to a にわか景気ing 産業. 出荷/船積みs of toys that connect to the Internet will rise 200 パーセント over the next five years, によれば 見積(る)s by UK-based Juniper 研究.
It's not (疑いを)晴らす what the 動機 was for the VTech 違反 nor whether it has resulted in any 身元 窃盗 so far. Still, it's a 警告 for people who don't understand how much data and 極度の慎重さを要する (警察などへの)密告,告訴(状) is in a child's toy.
"The last thing you would ever imagine is that a toy 製造業者 would lose your child's 身元," said Liam O'Murchu, a Symantec Corp 研究員 known for his work dissecting コンビナート/複合体 malware produced by nation 明言する/公表するs. "This shows that it's harder and harder to do things 安全に online," he said.
In VTech's 事例/患者, 買い手s of the company's cameras, watches and tablets are encouraged to 供給する 指名するs, 演説(する)/住所s and birth dates when 調印 up for accounts where they can download updates, games, 調書をとる/予約するs and other content.
VTech said the hackers 妥協d its Learning 宿泊する app 蓄える/店, which 供給するs content for children's tablets, and its Kid Connect 動きやすい app service that lets parents communicate with those tablets.
Toys that gather data on the 使用者, like VTech's line of cameras, watches and tablets and their associated websites, will grow by 58 パーセント 毎年, によれば Juniper.
That 部類 含むs dolls like Mattel Inc's recently introduced Hello Barbie, which connects to home wireless 網状組織s and communicates with servers to enable conversations by uploading 音声部の and getting 返答s from the cloud.
動きやすい 安全 会社/堅い Bluebox and 独立した・無所属 安全 研究員 Andrew Hay on Friday 公表する/暴露するd that they had 共同で 暴露するd 多重の vulnerabilities in iOS and Android apps that work with the 装置, 同様に as its cloud servers operated by 科学(工学)技術 partner ToyTalk.
の中で their findings, they (人命などを)奪う,主張するd that the app could be 切り開く/タクシー/不正アクセスd to 明らかにする/漏らす passwords, could be tricked into connecting to 敵意を持った 網状組織s controlled by hackers and that the servers were 攻撃を受けやすい to some types of attacks.
Mattel 広報担当者 Michelle Chidoni said that the toymaker and Hello Barbie 科学(工学)技術 partner ToyTalk have taken steps to 確実にする the 製品s 会合,会うs 安全 and safety 基準s.
ToyTalk said in a 声明 that it had already 直す/買収する,八百長をするd many of this 問題/発行するs raised.
It's too soon to say if the 違反 will 傷つける VTech's sales. Still, its 在庫/株 fell 2.6 パーセント this week as it 雇うd 法廷の 専門家s, 答える/応じるd to 政府 調査s on three continents and 一時的に shut 負かす/撃墜する more than a dozen websites, 含むing a messaging service and kids' app 蓄える/店.
示す Stanislav, a 研究員 at the 安全 会社/堅い 早い 7 Inc, whose w ife is 推定する/予想するing their first child in a few weeks, began looking into problems with children's 製品s after 審理,公聴会 about 安全 欠陥s in baby 監視するs, and he subsequently 設立する such problems in 製品s from eight baby 監視する vendors.
After 公表する/暴露するing the 欠陥s to the companies earlier this year, he said most have been 直す/買収する,八百長をするd. He told Reuters he has since 設立する problems in websites that connect other types of 装置s to kids, 含むing one from a major 製造業者. He will go public with those findings next month after giving 製造業者s time to 直す/買収する,八百長をする the problems.
身元 thieves use 妥協d data to 提起する/ポーズをとる as their 犠牲者s, get 貸付金s or credit cards or 適用する for services such as 公共事業(料金)/有用性s. Other types of 犯罪のs assume stolen 身元s to 避ける 逮捕(する) by police.
CLEAN SLATES
Children 申し込む/申し出 credit 予定するs to fraudsters that can be 偉業/利用するd for years without the 犠牲者's knowledge, said Tom Kellermann, 長,指導者 cybersecurity officer with 傾向 Micro Inc .
"Kids have a longer life in 前線 of them and they have 完全に clean credit, which makes them more 価値のある," Kellermann said.
A child's 指名する, birth date, email 演説(する)/住所 and Social 安全 number are 価値(がある) $30 to $40 on some 地下組織の markets, more than the $20 value of most adult profiles, he said.
研究 by Carnegie Mellon University in 2011 設立する that more than 10 パーセント of a 見本 of stolen children's social 安全 numbers had some sort of fraudulent activity associated with them, a 割合 51 times higher than adults'.
A child might not find out that their 身元 had been stolen until they are in their late teens, said Michelle Dennedy, Cis co Systems Inc's 長,指導者 privacy officer who 設立するd an 身元-窃盗 場所/位置 for parents, theidentityproject.com.
"It's a 苦痛 when you are an adult, but for a child it can have so much more 害(を与える)," said Dennedy. "Somebody might fail a background check for first 職業, or get 逮捕(する)d because a child 痴漢 stole their 身元."
Still, Vtech has some 失望させるd 顧客s, even though cyber 専門家s said the stolen VTech data has yet to turn up on 会議s where such (警察などへの)密告,告訴(状) is sold.
"My 関心 is: Myself and other unlucky parents out there buying these 製品s during the holidays and have no 警告 that they may not be able to use these 製品s now or in the 未来," said Sarah を締める, a Canadian who commented on VTech's Facebook pages.
And it may attract U.S regulatory scrutiny. U,S. 支配するs 施行するd by the 連邦の 貿易(する) (売買)手数料,委託(する)/委員会/権限 限界 how personal (警察などへの)密告,告訴(状) collected online from children under age 13 is 扱う/治療するd. That (警察などへの)密告,告訴(状) can 含む photos, ビデオs and 雑談(する) スピードを出す/記録につけるs, just the sort of data that appears to have been collected by VTech, said Phyllis Marcus, a former (日)公正取引委員会(米)連邦取引委員会 公式の/役人 now at the 法律 会社/堅い Hunton & Williams LLP.
The (日)公正取引委員会(米)連邦取引委員会 拒絶する/低下するd to 確認する or 否定する any 調査(する) of VTech. 当局 in Hong Kong, the 部隊d Kingdom and the U.S. 明言する/公表するs of Connecticut and Illinois have said they are looking into the 違反. (報告(する)/憶測ing by Jim Finkle and Jeremy Wagstaff. 付加 報告(する)/憶測ing by Diane Bartz in Washington and Subrat Patnaik in Bangalore. Editing by Jonathan Weber and John Pickering)
