VTech

Last updated

VTech Holdings Limited
Company type Public
SEHK: 0303
Industry Electronics industry
FoundedOctober 1976;48 years ago (1976-10) (as Video Technology Limited)
FounderAllan Wong (Chi-Yun) [1] [2]
Stephen Leung [3]
HeadquartersTai Ping Industrial Centre Block 1, 23rd Floor;
57 Ting Kok Tai Po N.t. Rd., 23/f, ,
Area served
Worldwide
Products
Revenue US$ 1,898.9 million (FY2014)
US$ 203.3 million (FY2014)
Number of employees
Around 30,000
Subsidiaries
Website www.vtech.com
VTech Holdings Ltd.
Traditional Chinese 偉易達集團
Simplified Chinese 伟易达集团
Transcriptions
Standard Mandarin
Hanyu Pinyin Wěi yì dá jítuán
Yue: Cantonese
Yale Romanization wáih yihk daaht jaahptyùhn
Jyutping wai5 jik6 daat6 zaap6tyun4

VTech introduced the world's first 900 MHz and 5.8 GHz cordless phones in 1991 and 2002 respectively.[ citation needed ] As of 2014, the company was the world's largest manufacturer of cordless telephones, according to MZA (as reported by VTech). [31] [ independent source needed ]

As of 2014, VTech, in its sale of both AT&T and VTech branded phones and accessories, was the largest player in the industry [32] [ clarification needed ], in North America, according to MarketWise Consumer Insights (as reported by VTech). [33] [ independent source needed ] Outside North America, as of this date,[ when? ] VTech mainly supplied products to fixed-line telephone operators, brand names, and distributors on an ODM basis. [ citation needed ]

Contract manufacturing services (CMS)

VTech started manufacturing products for other brand names on an original equipment manufacturing (OEM) basis in the 1980s and CMS became one of the company's core businesses in the early 2000s.

VTech has been identified as one of the world's top 50 electronics manufacturing services providers, [34] providing electronics manufacturing services for medium-sized companies. VTech's CMS has focused on four main product categories: professional audio equipment, switching mode power supplies, wireless products, and solid-state lighting. [35]

Controversies

2012 working conditions controversy

A June 2012 report from the Institute for Global Labour and Human Rights [36] said the working conditions in the VTech factories in China failed to meet the legal standards and could be described as sweatshops. VTech strongly rejected the allegations in a statement issued on 22 June 2012. [37]

2015 data breach

In November 2015, Lorenzo Bicchierai, writing for Vice magazine's Motherboard, reported that VTech's servers had been compromised and the corporation was victim to a data breach which exposed personal data belonging to 6.3 million individuals, including children, who signed up for or utilized services provided by the company related to several products it manufactures. [38] Bicchierai was contacted by the unnamed attacker in late November, during the week before Thanksgiving, at which point the unnamed individual disclosed information about the security vulnerabilities with the journalist and detailed the breach. [39] [40]

Bicchierai then reached out to information security researcher Troy Hunt to examine data provided by the attacker to Bicchierai, and to confirm if the leak was indeed authentic and not an internet hoax. Hunt examined the information and confirmed it appeared to be authentic. Hunt then dissected the data in detail and published the findings on his website. According to Hunt, VTech's servers failed to utilize basic SSL encryption to secure the personal data in transit from the devices to VTech's servers; that VTech stored customer information in unencrypted plaintext, failed to securely hash or salt passwords. [41]

The attack leveraged an SQL injection to gain privileged root access to VTech servers. Once privileged access was acquired, the attacker exfiltrated the data, including some 190 gigabytes of photographs of children and adults, detailed chat logs between parents and children which spanned over the course of years, and voice recordings, all unencrypted and stored in plain text. The attacker shared some 3,832 image files with the journalist for verification purposes, and some redacted photographs were published by the journalist. Commenting on the leak, the unidentified hacker expressed their disgust with being able to so easily obtain access to such a large trove of data, saying: "Frankly, it makes me sick that I was able to get all this stuff. VTech should have the book thrown at them" and explained their rationale for going to the press was because they felt VTech would have ignored their reports and concerns. [42] [43]

VTech corporate security was unaware their systems had been compromised and the breach was first brought to their attention after being contacted by Bicchierai prior to the publication of the article. Upon notification, the company took a dozen or so websites and services offline. [39] [42]

In an FAQ published by the company, they explain some 4,854,209 accounts belonging to parents and 6,368,509 profiles belonging to children had been compromised. The company further claims the passwords had been encrypted, which is contrary to reports by the independent security researcher contacted by Vice. The company indicated they were working with unspecified "local authorities". [41] [44] VTech subsequently brought in the information security services company FireEye to manage incident response and audit the security of their platform going forward. [45]

Mark Nunnikhoven of Trend Micro criticized the company's handling of the incident and called their FAQ "wishy-washy corporate speak". [46]

U.S. Senator Edward Markey and Representative Joe Barton, co-founders of the Bi-Partisan Congressional Privacy Caucus, issued an open letter to the company inquiring as to why and what kind of information belonging to children is stored by VTech and how they use this data, security practices employed to protect that data if children's information is shared or sold to third parties and how the company complies with the Children's Online Privacy Protection Act. [47]

In February 2016, Hunt publicized the fact that VTech had modified its Terms and Conditions for new customers so that the customer acknowledges and agrees that any information transmitted to VTech may be intercepted or later acquired by unauthorized parties. [48] [49]

In January 2018, the US Federal Trade Commission fined VTech $650,000 for the breach, around $0.09 per victim. [50]

Notes

  1. The logo's wordmark has been in use since 2001.

References

  1. 1 2 3 4 "Silicon's Search For Youth". Forbes. 31 January 2011. p. 1.
  2. 1 2 3 "Transcript: Allan Wong, Chairman and Group CEO, VTech". CNN. 18 October 2006.
  3. 1 2 3 4 5 6 "VTech Global Site".
  4. Baby monitor
  5. 1 2 "Hong Kong's 40 Richest". Forbes. 5 January 2012.
  6. 1 2 "VTech joins fray with tablets for children". South China Morning Post. 12 February 2011.
  7. 1 2 "Company Research - VTech Holdings" (PDF). Maybank Kim Eng. 24 March 2014. p. 7.
  8. "Corporate History | VTech". VTech. Retrieved 23 October 2015.
  9. "HKEx - Investment Service Centre".
  10. "Company announcement – Cancellation of Listing" (PDF). Hong Kong Stock Exchange.
  11. https://www.hkexnews.hk/listedco/listconews/sehk/2011/0617/ltn20110617288.pdf
  12. "Silicon's Search For Youth". Forbes. 31 January 2011. p. 2.
  13. "Kids' computers through the ages". Computerworld UK. 18 July 2011.
  14. Veilleux, C. Thomas (20 April 1992). "While Comdex roars, industry shakes out". HFD. 66 (16). BridgeTower Media Holding Company: 110 via Gale.
  15. "VTech Holdings Ltd. – Company Profile, Information, Business Description, History, Background Information on VTech Holdings Ltd". Reference for Business.
  16. "New Cordless Phones Offer Privacy, Remarkable Clarity". Chicago Tribune. 4 June 1993.
  17. Benjamin, David. "Dalvado". Tech Support. Retrieved 27 October 2023.
  18. Michael Rose (15 June 1992). "VTECH phone is no bump analog; this baby's digital". Business Journal-Portland.
  19. "VTech buys Lucent's consumer phone business for $113m". ElectronicsWeekly.com. 19 January 2000.
  20. "VTech Issues Profit Warning, Plans to Restructure Business". Wall Street Journal Online.
  21. "VTech reverses losses to post $11.2m profit". Reuters. 27 June 2002.
  22. "Annual Report 2012" (PDF). VTech. pp. 16–19.
  23. "The VTech phenomenon". Forbes. 19 October 1998.
  24. "V.Smile TV Learning System for kids". Gizmag. 21 January 2004.
  25. "VTech MobiGo 2 and InnoTab 2 Now Available for Pre-Order". VTech. 18 July 2012. Retrieved 20 July 2020.
  26. "VTech Welcomes 4th Generation Children's Learning Tablets to Award-Winning InnoTab Family, Including First to Feature Android Learning Content". VTech. 5 June 2014.
  27. "VTech brings teacher-endorsed Android games to its InnoTab Max tablet for kids". Gizmag. 8 June 2014.
  28. "There Is Now a 'Smartwatch' for Kids". Mashable. 18 February 2014.
  29. "VTech Global Site".
  30. "VTech Toys US Site".
  31. "Annual Report 2014" (PDF). VTech. p. 5.[ better source needed ]
  32. https://www.hkexnews.hk/listedco/listconews/sehk/2011/0617/ltn20110617288.pdf
  33. "Annual Report 2014" (PDF). VTech. p. 4.[ better source needed ]
  34. "The MMI Top 50 for 2014". Manufacturing Market Insider. Archived from the original on 17 March 2006. Retrieved 8 June 2015.
  35. "VTech Global Site". VTech.
  36. "Reports". Institute for Global Labour and Human Rights. 20 June 2012.
  37. "Media Statement". VTech. 22 June 2012.
  38. "Vtech, having leaked 6.3m kids' data, has a new EULA disclaiming responsibility for the next leak / Boing Boing". boingboing.net. 9 February 2016. Retrieved 8 January 2018.
  39. 1 2 Franceschi-Bicchierai, Lorenzo (27 November 2015). "One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids". motherboard.vice.com. Vice magazine. Retrieved 5 December 2015.
  40. Rhysider, Jack. "Ep 2: The Peculiar Case of the VTech Hacker". Darknet Diaries. Retrieved 5 May 2018.
  41. 1 2 Hunt, Troy (28 November 2015). "When children are breached – inside the massive VTech hack". troyhunt.com. Retrieved 5 December 2015.
  42. 1 2 Franceschi-Bicchierai, Lorenzo (30 November 2015). "Hacker Obtained Children's Headshots and Chatlogs From Toymaker VTech". motherboard.vice.com. Vice magazine. Retrieved 5 December 2015.
  43. Whittaker, Zack (30 November 2015). "VTech hack gets worse: Chat logs, kids' photos taken in breach". ZDNet.com. Ziff Davis. Retrieved 5 December 2015.
  44. VTech press release (3 December 2015). "FAQ about Data Breach on VTech Learning Lodge (last update: December 3, 2015, HKT)". vtech.com. Retrieved 5 December 2015.
  45. Mukherjee, Supantha; Finkle, Jim (3 December 2015). "Digital toymaker VTech hires FireEye to secure systems after hack". Reuters.com. Retrieved 5 December 2015.
  46. Nunnikhoven, Mark (27 November 2015). "Hacked? Don't Respond Like This". linkedin.com. Retrieved 5 December 2015.
  47. Finkle, Jim (2 December 2015). "Congress wants VTech details on child data it collects". Reuters.com. Retrieved 5 December 2015.
  48. "Tech Tent". BBC. 12 February 2016.
  49. Hunt, Troy (9 February 2016). "No, VTech cannot simply absolve itself of security responsibility". troyhunt.com.
  50. "Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid / Boing Boing". boingboing.net. 8 January 2018. Retrieved 8 January 2018.