Home 禄 Opinion 禄 Foreign Views
Stealing ID data from toys child鈥檚 play for hackers
Parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed them to identity theft after Hong Kong-based VTech said hackers stole the personal information of more than 6 million children.
The breach underscores how digital products aimed at kids often have far weaker security than other computer products, and may pose a threat to a booming industry. Shipments of toys that connect to the Internet will rise 200 percent over the next five years, according to estimates by UK-based Juniper Research.
It鈥檚 not clear what the motive was for the VTech breach nor whether it has resulted in any identity theft so far. Still, it鈥檚 a warning for people who don鈥檛 understand how much data and sensitive information is in a child鈥檚 toy.
In VTech鈥檚 case, buyers of the company鈥檚 cameras, watches and tablets are encouraged to provide names, addresses and birth dates when signing up for accounts where they can download updates, games, books and other content.
Toys that gather data on the user, like VTech鈥檚 line of cameras, watches and tablets and their associated websites, will grow by 58 percent annually, according to Juniper. That category includes dolls like Mattel Inc鈥檚 recently introduced Hello Barbie, which connects to home wireless networks and communicates with servers to enable conversations by uploading audio and getting responses from the cloud.
Mattel spokesman Michelle Chidoni said that the toymaker and Hello Barbie technology partner ToyTalk have taken steps to ensure the products meets security and safety standards. ToyTalk said in a statement that it had already fixed many of this issues raised.
Mark Stanislav, a researcher at the security firm Rapid 7 Inc, began looking into problems with children鈥檚 products after hearing about security flaws in baby monitors, and he subsequently found such problems in products from eight baby monitor vendors.
After disclosing the flaws to the companies earlier this year, he said most have been fixed. He told Reuters he has since found problems in websites that connect other types of devices to kids, including one from a major manufacturer. He will go public with those findings next month after giving manufacturers time to fix the problems.
Identity thieves use compromised data to pose as their victims, get loans or credit cards or apply for services such as utilities. Other types of criminals assume stolen identities to evade capture by police.
Clean slates
Children offer credit slates to fraudsters that can be exploited for years without the victim鈥檚 knowledge, said Tom Kellermann, chief cybersecurity officer with Trend Micro Inc.
鈥淜ids have a longer life in front of them and they have completely clean credit, which makes them more valuable,鈥 Kellermann said.
A child鈥檚 name, birth date, email address and Social Security number are worth US$30 to US$40 on some underground markets, more than the US$20 value of most adult profiles, he said. Research by Carnegie Mellon University in 2011 found that more than 10 percent of a sample of stolen children鈥檚 social security numbers had some sort of fraudulent activity associated with them, a proportion 51 times higher than adults.
A child might not find out that their identity had been stolen until they are in their late teens, said Michelle Dennedy, Cisco Systems Inc鈥檚 chief privacy officer who founded an identity-theft site for parents, theidentityproject.com.
鈥淚t鈥檚 a pain when you are an adult, but for a child it can have so much more harm,鈥 said Dennedy. 鈥淪omebody might fail a background check for first job, or get arrested because a child molester stole their identity.鈥
It may attract US regulatory scrutiny. US rules enforced by the Federal Trade Commission limit how personal information collected online from children under age 13 is treated. That information can include photos, videos and chat logs, just the sort of data that appears to have been collected by VTech, said Phyllis Marcus, a former FTC official now at the law firm Hunton & Williams LLP.
Authorities in Hong Kong, the United Kingdom and the US states of Connecticut and Illinois have said they are looking into the breach.
(Reporting by Jim Finkle and Jeremy Wagstaff. Additional reporting by Diane Bartz in Washington and Subrat Patnaik in Bangalore. Editing by Jonathan Weber and John Pickering. Reuters. Shanghai Daily condensed the article.)
- About Us
- |
- Terms of Use
- |
-
RSS
- |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 娌狪CP璇侊細娌狪CP澶05050403鍙-1
- |
- 浜掕仈缃戞柊闂讳俊鎭湇鍔¤鍙瘉锛31120180004
- |
- 缃戠粶瑙嗗惉璁稿彲璇侊細0909346
- |
- 骞挎挱鐢佃鑺傜洰鍒朵綔璁稿彲璇侊細娌瓧绗354鍙
- |
- 澧炲肩數淇′笟鍔$粡钀ヨ鍙瘉锛氭勃B2-20120012
Copyright 漏 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.