SureCloud Cybersecurity Practice Director Luke Potter to feature on the BBC’s Watchdog programme (Series 40, episode 5) on Wednesday 5th of December 2018.
The BBC approached SureCloud after the leading penetration testing company completed a critical disclosure to VTech and the vulnerability was granted a CVE (CVE-2018-16618).
Senior Security Consultant Elliott Thompson found a vulnerable service was enabled on the tablet which could be exploited by a script placed on a website and triggered by child visiting the page. This code would attack any Storio Max tablet that visited the page, granting the attacker full root control over the device including access webcam, speakers and microphone. This was reported to VTech and a patch fixing the vulnerability was released within 30 days.