The investigative programme, which aired last night, featured VTech’s InnoTab Max.
In May, a targeted ‘ethical hack’ by the company SureCloud, a sophisticated cyber firm which was in possession of detailed knowledge of hacking techniques and of InnoTab’s firmware, alerted VTech to a vulnerability which allowed it to gain control over the tablet.
The InnoTab Max, which is called Storio Max outside the UK, is a tablet suitable for children from three years of age, on which they can play Android apps, selected by VTech, which encourage learning across language, mathematics, logic, physics, observation and spatial awareness.
VTech has stated that the vulnerability – which SureCloud’s cyber-security practice director, Luke Potter, told the BBC “wasn’t easy to find” – has not been exploited by anyone other than the firm, and that the chances of this happening are “remote”.
In a statement released to the BBC Watchdog programme, VTech said: “We thank SureCloud for bringing this vulnerability on the Storio Max, which is called InnoTab Max in the UK, to our attention. We took immediate action in early summer to resolve the issue and pushed out a firmware upgrade to all affected InnoTab/Storio Max devices in Europe. Since then, pop up messages will appear on the device from time to time to prompt the device owners to perform the upgrade until it is done. Furthermore, most recently, for those users in Europe who have still not performed the upgrade, an email is being sent urging them to do so.”
As well as pop-up alerts, the VTech website homepage features a banner altering parents to the latest firmware upgrades available. The company has also sent a letter to all UK and Ireland retailers which stock the device, making them aware.
The statement added: “The safety of children is our top priority and we are constantly looking to improve the security of our devices.”