Man arrested in toymaker hack that exposed data for millions of kids - Ars

Article: http://arstechnica.com/security/2015/12/man-arrested-in-toymaker-hack-says-he-wanted-to-expose-inadequate-security/

In England, a man had interest in hacking the Vtech Innotab, a tablet designed for children, after seeing others do stuff like run a Doom emulator on it and what not. Somehow, it came to his attention that the Innotab was using a web-based service to store its information.
"The hacker noticed that the site was using Flash, and had a login box. He then quickly found out the site was vulnerable to the ancient, yet still very effective, hacking technique known as SQL injection."

The guy gained root access and discovered that he now had access to the information of some 11 million people, including minors who used the Innotab. The issue here is that he was arrested for hacking, when his intent after discovering the vulnerability was to have "...issues made aware of and fixed.” If you ask me, I think the prosecution is looking at the wrong guy to hang. If anyone should be put on trial, it should be Vtech for their gross negligence of user data. Interesting topic that you guys might be interested in.

1 Like