Vtech, having leaked 6.3m kids' data, now wants to run your home security

Remember the Hong Kong-based crapgadgeteer Vtech, who breached 6.3 million kids' data from a database whose security was jaw-droppingly poor (no salted hashes, no code-injection countermeasures, no SSL), who then lied and stalled after they were outed? They want to make home security devices that will know everything you say and do in your house.

Vtech's new "Internet of Things home security suite" debuted at CES in Las Vegas last week, featuring a range of sensors and devices. They're doing lightbulbs! Because the world needs more badly secured, proprietary lightbulbs! There's cameras and curtain sensors and door sensors and, well, everything a savvy voyeur or housebreaker or kidnapper would need to compromise to utterly destroy you, everything you own and everyone you love.

But don't worry, Vtech says this time, they'll get it right.

Asked if they were worried about another hack, Brian Tompkins, the company’s vice president of sales, said that for “any company that sells a product that’s cloud based, or internet-connected, there’s always a worry or a fear.”

But this time, VTech is “going through penetration tests by a third party and everything is going to be very secure,” added Chris Conrad, VTech’s product marketing director.

A spokesperson later confirmed to me that VTech is “currently working with a third party vendor to thoroughly test the security of all of our products,” to learn from last year’s hack. The spokesperson, however, declined to name who the vendor is and what kind of tests they’re performing.

Hacked Toy Company VTech: Let Us Monitor Your House [Lorenzo Franceschi-Bicchierai/Motherboard]

Notable Replies

  1. Shuck says:

    Yeah, I don't get it. Reading about smart homes, it seems like there's significant cost and effort, the security risk, the future possibility that you'll have to throw out perfectly good components because they'll become obsolete (though the chance of them breaking also increases), and this is what you end up with:
    "Ok, let me turn on the light. First I need to get out my phone, now I'll unlock it, find the app, wait for it to open, find the specific control I want, and hey, presto, the light is on! Oops, no, wait, that didn't work. Let me try again."
    "Don't bother, I turned on the light three minutes ago."
    So it's not even that there's any sort of time or effort savings on anything - in fact, quite the opposite. Even if it worked perfectly with a better interface that did save time and effort, it would be totally negligible.

  2. I have a networked light switch here, a DIY version operated via USB, connected to a server (so de facto networked). It's quite comfortable to not have to get out of bed and switch the light on or off with a single command from a laptop (that's always on hand, and if it wouldn't be, a simple ESP8266 based wifi button could be hacked together in one evening, or even the Amazon Dash button could be scavenged and adapted and its DHCP request broadcast listened for and mapped to a light toggle function). If needed, it could get its control exposed to the LAN via a REST-based API.

    If it doesn't save the effort, it is badly designed. Most things are badly designed.

  3. A bit rudimentary and prone to false positives (and negatives), I'd say. But a good idea in principle.

  4. I know you will never stop whiz-bangin. :smile_cat: But my 20th century light switch can do all that, except I do have to get out of bed. Then again, if I'm that determined to stay in bed, then I don't want the lights on.

    I also don't have to program it, debug it, reboot it, call Bangalore for tech support, or worry it's handing out my wifi password. All I have to do is push up with one finger. I am a troglodyte.

  5. Maybe you could write an APL program to have the bed move itself?

Continue the discussion bbs.boingboing.net

16 more replies