SureCloud Cybersecurity Practice Director Luke Potter to feature on the BBC’s Watchdog programme (Series 40, episode 5) on Wednesday 5th of December 2018 to discuss a vulnerability found on a children’s device manufactured by VTech.
The BBC approached SureCloud after the leading penetration testing company completed a critical disclosure to VTech and the vulnerability was granted a CVE (CVE-2018-16618).
Senior Security Consultant Elliott Thompson found a vulnerable service was enabled on the tablet which could be exploited by a script placed on a website and triggered by child visiting the page. This code would attack any Storio Max tablet that visited the page, granting the attacker full root control over the device including access webcam, speakers and microphone. This was reported to VTech and a patch fixing the vulnerability was released within 30 days.
Read the full technical walkthrough here.
You can watch SureCloud’s episode of “Watchdog” on the BBC’s website here. (**Please note this episode is not currently available**)