Hacked Toy Company VTech: Let Us Monitor Your House
Last year, an anonymous hacker broke into the systems of VTech, a company that makes internet-connected toys, tablets and baby monitors. The hacker was able to access the personal data of more than 6 million kids, as well as more than 4 million parents, including tens of thousand of pictures taken with the company's Kid Connect app, which encourages children and parents to take selfies and chat online.
Less than two months later, VTech is now launching a whole suite of new internet-connected devices designed to monitor your house—and the company is promising that this time, it won't leave the personal data of its customers exposed to hackers.
This week at the Consumer Technology Show in Las Vegas, VTech unveiled a series of new devices, including monitoring cameras, smart lightbulbs, and a slew of sensors for doors, switches, and curtains. All these devices are designed to work with a single smartphone app that will allow parents to check in on their kids and record video if they want.
On Thursday, I dropped by VTech's booth to check out its new products, and ask how it plans on making them more secure than the toys and tablets that were recently hacked.
Asked if they were worried about another hack, Brian Tompkins, the company's vice president of sales, said that for "any company that sells a product that's cloud based, or internet-connected, there's always a worry or a fear."
But this time, VTech is "going through penetration tests by a third party and everything is going to be very secure," added Chris Conrad, VTech's product marketing director.
A spokesperson later confirmed to me that VTech is "currently working with a third party vendor to thoroughly test the security of all of our products," to learn from last year's hack. The spokesperson, however, declined to name who the vendor is and what kind of tests they're performing.
"Everything is going to be very secure."
Troy Hunt, a security expert who helped Motherboard analyze the data stolen from VTech, and also briefly reviewed their online systems' security, said that this is "a big step forward" given that "there was definitely no penetration testing done on the toys."
"The incident last year may well improve their home security products as they've now had their 'wakeup call,'" he told me in an email "but it worries me how well a company that had such an endemic lack of security across their organisation—even down to the difficulty in contacting them—is going to completely turn that around for this product."
Some on Twitter were less articulate, but just as skeptical.
The devices are still in development and will be released over the summer. Hopefully that will be enough time for VTech to make sure another hacker, which might not be as well-intentioned as the previous one, can't easily get into their customers' data.
Elyssa D. Durant. Ed.M.