23 Dec 2015 | With Christmas just around the corner, parents everywhere have been hunting for this season’s hottest toys. One of the biggest trends for kids – as if it were any surprise – has been toys that connect to the Internet, adding fun features and a whole new dimension to play.
For all their benefits, these toys come with a host of risks that parents and even the companies themselves are just starting to wake up to. Many parents and experts are wondering whether their children’s information is being kept safe, and how vulnerable they are to malicious hackers.
One of the most severe cases came to light this month when news broke that the Hong Kong-based manufacturer VTECH had been the victim of hackers. The revelation was met with widespread shock that the attackers had managed to walk away with the personal data of over six million kids.
Amit Ashbel, a Cyber Security Evangelist at Checkmarx who posted on the attack, spoke with Geektime about the hack, saying, “The hacking was on a really basic level. The data was stolen with an SQL injection, which is very common. It could have been very easy to prevent through better security in the coding.”
“Their level of encryption was weak at best and out of date when compared to industry standards,” Ashbel explained, highlighting an issue that is unfortunately exceedingly common throughout the sector.