VTech

Last updated

VTech Holdings Limited
Company type Public
SEHK: 0303
Industry Electronics industry
FoundedOctober 1976;48 years ago (1976-10) (as Video Technology Limited)
FounderAllan Wong (Chi-Yun) [1] [2]
Stephen Leung [3]
HeadquartersTai Ping Industrial Centre Block 1, 23rd Floor;
57 Ting Kok Tai Po N.t. Rd., 23/f,
Tai Po, Hong Kong
,
China
Area served
Worldwide
Products
Revenue US$ 1,898.9 million (FY2014)
US$ 203.3 million (FY2014)
Number of employees
Around 30,000
Subsidiaries
Website www.vtech.com
VTech Holdings Ltd.
Traditional Chinese 偉易達集團
Simplified Chinese 伟易达集团
Transcriptions
Standard Mandarin
Hanyu Pinyin Wěi yì dá jítuán
Yue: Cantonese
Yale Romanization wáih yihk daaht jaahptyùhn
Jyutping wai5 jik6 daat6 zaap6tyun4

VTech introduced the world's first 900 MHz and 5.8 GHz cordless phones in 1991 and 2002 respectively.[ citation needed ] As of 2014, the company was the world's largest manufacturer of cordless telephones, according to MZA (as reported by VTech). [31] [ third-party source needed ]

As of 2014, VTech, in its sale of both AT&T and VTech branded phones and accessories, was the largest player in the industry [32] [ clarification needed ], in North America, according to MarketWise Consumer Insights (as reported by VTech). [33] [ third-party source needed ] Outside North America, as of this date,[ when? ] VTech mainly supplied products to fixed-line telephone operators, brand names, and distributors on an ODM basis. [ citation needed ]

Contract manufacturing services (CMS)

VTech started manufacturing products for other brand names on an original equipment manufacturing (OEM) basis in the 1980s and CMS became one of the company's core businesses in the early 2000s.

VTech has been identified as one of the world's top 50 electronics manufacturing services providers, [34] providing electronics manufacturing services for medium-sized companies. VTech's CMS has focused on four main product categories: professional audio equipment, switching mode power supplies, wireless products, and solid-state lighting. [35]

Controversies

2012 working conditions controversy

A June 2012 report from the Institute for Global Labour and Human Rights [36] said the working conditions in the VTech factories in China failed to meet the legal standards and could be described as sweatshops. VTech strongly rejected the allegations in a statement issued on 22 June 2012. [37]

2015 data breach

In November 2015, Lorenzo Bicchierai, writing for Vice magazine's Motherboard, reported that VTech's servers had been compromised and the corporation was victim to a data breach which exposed personal data belonging to 6.3 million individuals, including children, who signed up for or utilized services provided by the company related to several products it manufactures. [38] Bicchierai was contacted by the unnamed attacker in late November, during the week before Thanksgiving, at which point the unnamed individual disclosed information about the security vulnerabilities with the journalist and detailed the breach. [39] [40]

Bicchierai then reached out to information security researcher Troy Hunt to examine data provided by the attacker to Bicchierai, and to confirm if the leak was indeed authentic and not an internet hoax. Hunt examined the information and confirmed it appeared to be authentic. Hunt then dissected the data in detail and published the findings on his website. According to Hunt, VTech's servers failed to utilize basic SSL encryption to secure the personal data in transit from the devices to VTech's servers; that VTech stored customer information in unencrypted plaintext, failed to securely hash or salt passwords. [41]

The attack leveraged an SQL injection to gain privileged root access to VTech servers. Once privileged access was acquired, the attacker exfiltrated the data, including some 190 gigabytes of photographs of children and adults, detailed chat logs between parents and children which spanned over the course of years, and voice recordings, all unencrypted and stored in plain text. The attacker shared some 3,832 image files with the journalist for verification purposes, and some redacted photographs were published by the journalist. Commenting on the leak, the unidentified hacker expressed their disgust with being able to so easily obtain access to such a large trove of data, saying: "Frankly, it makes me sick that I was able to get all this stuff. VTech should have the book thrown at them" and explained their rationale for going to the press was because they felt VTech would have ignored their reports and concerns. [42] [43]

VTech corporate security was unaware their systems had been compromised and the breach was first brought to their attention after being contacted by Bicchierai prior to the publication of the article. Upon notification, the company took a dozen or so websites and services offline. [39] [42]

In an FAQ published by the company, they explain some 4,854,209 accounts belonging to parents and 6,368,509 profiles belonging to children had been compromised. The company further claims the passwords had been encrypted, which is contrary to reports by the independent security researcher contacted by Vice. The company indicated they were working with unspecified "local authorities". [41] [44] VTech subsequently brought in the information security services company FireEye to manage incident response and audit the security of their platform going forward. [45]

Mark Nunnikhoven of Trend Micro criticized the company's handling of the incident and called their FAQ "wishy-washy corporate speak". [46]

U.S. Senator Edward Markey and Representative Joe Barton, co-founders of the Bi-Partisan Congressional Privacy Caucus, issued an open letter to the company inquiring as to why and what kind of information belonging to children is stored by VTech and how they use this data, security practices employed to protect that data if children's information is shared or sold to third parties and how the company complies with the Children's Online Privacy Protection Act. [47]

In February 2016, Hunt publicized the fact that VTech had modified its Terms and Conditions for new customers so that the customer acknowledges and agrees that any information transmitted to VTech may be intercepted or later acquired by unauthorized parties. [48] [49]

In January 2018, the US Federal Trade Commission fined VTech $650,000 for the breach, around $0.09 per victim. [50]

Related Research Articles

<span class="mw-page-title-main">Experian</span> Irish multinational consumer credit reporting company

Experian plc is a multinational data analytics and consumer credit reporting company headquartered in Dublin, Ireland. Experian collects and aggregates information on over 1 billion people and businesses including 235 million individual U.S. consumers and more than 25 million U.S. businesses. It is listed on the London Stock Exchange and is a constituent of the FTSE 100 Index. Experian is a partner in USPS address validation. It is one of the "Big Three" credit-reporting agencies, alongside TransUnion and Equifax.

<span class="mw-page-title-main">Equifax</span> American consumer credit reporting agency

Equifax Inc. is an American multinational consumer credit reporting agency headquartered in Atlanta, Georgia and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.

Uniden Holdings Corporation is a Japanese company in the wireless communication industry.

VTech Innovation, L.P., doing business as Advanced American Telephones, is a telephone manufacturing company.

Philips Consumer Communications, L.P. was a $2.5 billion joint venture of Lucent Technologies and Royal Philips Electronics formed on October 7, 1997. Philips owned 60% of the joint venture, with Lucent owning the other 40%. PCC was a global venture, with branches in more than 100 countries, including the US, Latin America, Asia-Pacific and Europe. Analysts predicted PCC would become one of the major players in the consumer communications business.

<span class="mw-page-title-main">Ticketek</span> Australian event ticketing company

Ticketek is an Australian event ticketing company. Founded in 1990, the company is owned by TEG Pty Ltd with its headquarters in Sydney and operates ticketing operations for entertainment and sporting events in Australia and New Zealand. There are companies using the name Ticketek in other countries however these are not a part of the Ticketek Australia/NZ operations but are a part of Ticketek Pty Ltd/Softix Pty Ltd.

snom German brand of VoIP telephones

Snom Technology GmbH is a German company which manufactures Voice over Internet Protocol (VoIP) telephones, based on the IETF standard Session Initiation Protocol (SIP). Snom's products are targeted at the small- to medium-sized business sector, home offices, Internet service providers, carriers, and original equipment manufacturers. The company, founded in 1996 and headquartered in Berlin, is a wholly owned subsidiary of VTech Holdings Limited, since 2016.

Gigaset AG, formerly known as Siemens Home and Office Communication Devices, is a German multinational corporation based in Bocholt, Germany. More active in the area of communications technology, it manufactures DECT telephones.

<span class="mw-page-title-main">DSP Group</span> American semiconductor company

DSP Group, Inc. was an American company that manufactured chipsets for VoIP, multimedia, and digital cordless applications. Founded in 1987 with headquarters in San Jose, California, DSP Group employed over 400 people at three US sites and offices in Germany, Scotland, Israel, India, Hong Kong and Japan until it was acquired by Synaptics.

Cellebrite DI Ltd. is a digital intelligence company headquartered in Petah Tikva, Israel, that provides tools for law enforcement agencies as well as enterprise companies and service providers to collect, review, analyze and manage digital data. Their flagship product series is the Cellebrite UFED.

<span class="mw-page-title-main">Have I Been Pwned?</span> Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

<span class="mw-page-title-main">Troy Hunt</span> Australian web security expert

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.

Connected toys are internet-enabled devices with Wi-Fi, Bluetooth, or other capabilities built in. These toys, which may or may not be smart toys, provide a more personalized play experience for children through embedded software that can offer app integration, speech and/or image recognition, RFID functionality, and web searching functions. A connected toy usually collects information about the users either voluntarily or involuntarily, which raises concerns on the topic of privacy. The data collected by the connected toys are usually stored in a database, where companies that produce connected toys can use the data for their own purposes, provided they do so in line with the protections outlined in the Children's Online Privacy Protection Act (COPPA).

CloudPets were a line of Internet-connected soft toys manufactured by now defunct Spiral Toys that was the subject of numerous security vulnerabilities in February 2017. The plush teddy bear-style toys used Bluetooth to connect to a parent's smartphone to allow distant family members to send voice messages to the toy, and allow children to send voice messages back.

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

Stalkerware is monitoring software or spyware that is used for cyberstalking. The term was coined when people started to widely use commercial spyware or monitoring software to spy on their spouses or intimate partners. Stalkerware has been criticized because of its use by abusers, stalkers, and employers.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

Jerico Pictures, Inc., doing business as National Public Data, was a data broker company that performed employee background checks. Their primary service was collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.

References

  1. 1 2 3 4 "Silicon's Search For Youth". Forbes. 31 January 2011. p. 1.
  2. 1 2 3 "Transcript: Allan Wong, Chairman and Group CEO, VTech". CNN. 18 October 2006.
  3. 1 2 3 4 5 6 "VTech Global Site".
  4. Baby monitor
  5. 1 2 "Hong Kong's 40 Richest". Forbes. 5 January 2012.
  6. 1 2 "VTech joins fray with tablets for children". South China Morning Post. 12 February 2011.
  7. 1 2 "Company Research - VTech Holdings" (PDF). Maybank Kim Eng. 24 March 2014. p. 7.
  8. "Corporate History | VTech". VTech. Retrieved 23 October 2015.
  9. "HKEx - Investment Service Centre".
  10. "Company announcement – Cancellation of Listing" (PDF). Hong Kong Stock Exchange.
  11. https://www.hkexnews.hk/listedco/listconews/sehk/2011/0617/ltn20110617288.pdf
  12. "Silicon's Search For Youth". Forbes. 31 January 2011. p. 2.
  13. "Kids' computers through the ages". Computerworld UK. 18 July 2011.
  14. Veilleux, C. Thomas (20 April 1992). "While Comdex roars, industry shakes out". HFD. 66 (16). BridgeTower Media Holding Company: 110 via Gale.
  15. "VTech Holdings Ltd. – Company Profile, Information, Business Description, History, Background Information on VTech Holdings Ltd". Reference for Business.
  16. "New Cordless Phones Offer Privacy, Remarkable Clarity". Chicago Tribune. 4 June 1993.
  17. Benjamin, David. "Dalvado". Tech Support. Retrieved 27 October 2023.
  18. Michael Rose (15 June 1992). "VTECH phone is no bump analog; this baby's digital". Business Journal-Portland.
  19. "VTech buys Lucent's consumer phone business for $113m". ElectronicsWeekly.com. 19 January 2000.
  20. "VTech Issues Profit Warning, Plans to Restructure Business". Wall Street Journal Online.
  21. "VTech reverses losses to post $11.2m profit". Reuters. 27 June 2002.
  22. "Annual Report 2012" (PDF). VTech. pp. 16–19.
  23. "The VTech phenomenon". Forbes. 19 October 1998.
  24. "V.Smile TV Learning System for kids". Gizmag. 21 January 2004.
  25. "VTech MobiGo 2 and InnoTab 2 Now Available for Pre-Order". VTech. 18 July 2012. Retrieved 20 July 2020.
  26. "VTech Welcomes 4th Generation Children's Learning Tablets to Award-Winning InnoTab Family, Including First to Feature Android Learning Content". VTech. 5 June 2014.
  27. "VTech brings teacher-endorsed Android games to its InnoTab Max tablet for kids". Gizmag. 8 June 2014.
  28. "There Is Now a 'Smartwatch' for Kids". Mashable. 18 February 2014.
  29. "VTech Global Site".
  30. "VTech Toys US Site".
  31. "Annual Report 2014" (PDF). VTech. p. 5.[ better source needed ]
  32. https://www.hkexnews.hk/listedco/listconews/sehk/2011/0617/ltn20110617288.pdf
  33. "Annual Report 2014" (PDF). VTech. p. 4.[ better source needed ]
  34. "The MMI Top 50 for 2014". Manufacturing Market Insider. Archived from the original on 17 March 2006. Retrieved 8 June 2015.
  35. "VTech Global Site". VTech.
  36. "Reports". Institute for Global Labour and Human Rights. 20 June 2012.
  37. "Media Statement". VTech. 22 June 2012.
  38. "Vtech, having leaked 6.3m kids' data, has a new EULA disclaiming responsibility for the next leak / Boing Boing". boingboing.net. 9 February 2016. Retrieved 8 January 2018.
  39. 1 2 Franceschi-Bicchierai, Lorenzo (27 November 2015). "One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids". motherboard.vice.com. Vice magazine. Retrieved 5 December 2015.
  40. Rhysider, Jack. "Ep 2: The Peculiar Case of the VTech Hacker". Darknet Diaries. Retrieved 5 May 2018.
  41. 1 2 Hunt, Troy (28 November 2015). "When children are breached – inside the massive VTech hack". troyhunt.com. Retrieved 5 December 2015.
  42. 1 2 Franceschi-Bicchierai, Lorenzo (30 November 2015). "Hacker Obtained Children's Headshots and Chatlogs From Toymaker VTech". motherboard.vice.com. Vice magazine. Retrieved 5 December 2015.
  43. Whittaker, Zack (30 November 2015). "VTech hack gets worse: Chat logs, kids' photos taken in breach". ZDNet.com. Ziff Davis. Retrieved 5 December 2015.
  44. VTech press release (3 December 2015). "FAQ about Data Breach on VTech Learning Lodge (last update: December 3, 2015, HKT)". vtech.com. Retrieved 5 December 2015.
  45. Mukherjee, Supantha; Finkle, Jim (3 December 2015). "Digital toymaker VTech hires FireEye to secure systems after hack". Reuters.com. Retrieved 5 December 2015.
  46. Nunnikhoven, Mark (27 November 2015). "Hacked? Don't Respond Like This". linkedin.com. Retrieved 5 December 2015.
  47. Finkle, Jim (2 December 2015). "Congress wants VTech details on child data it collects". Reuters.com. Retrieved 5 December 2015.
  48. "Tech Tent". BBC. 12 February 2016.
  49. Hunt, Troy (9 February 2016). "No, VTech cannot simply absolve itself of security responsibility". troyhunt.com.
  50. "Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid / Boing Boing". boingboing.net. 8 January 2018. Retrieved 8 January 2018.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.