VTech Leak Contained Headshots of Kids and Chat Logs

It recently came to light that VTech had been hacked, potentially exposing thousands of emails and usernames. The hacker has since revealed more about what the breach contained, and that information was revealed yesterday.

The data obtained in the hack contained the details of around 4.8 million users, but that is nothing compared to what else the hacker was able to obtain. 200GB of images were downloaded from the server, showing both the parents and children of the registered accounts, along with the chat logs between parents and children (some of which are recordings of conversations).

VTech suggests using the images so that it’s easier for parents and children to talk and interact through its services. The hacker provided Motherboard with 3,832 image files and at least one audio recording to prove that the information they obtained was legitimate and to show the scope of the risk from such an amount of data.

If that wasn’t bad enough, the photos, chats and recordings were often linked to usernames. That normally wouldn’t be a problem, but here usernames, addresses and emails were revealed as well, and even users’ security questions and answers (meaning that resetting a user’s password would have been an easy task).

VTech has stopped the service while it investigates. The hacker stated, “it makes me sick that I was able to get all this stuff”, and I think it’s fair to say that no matter what they do, VTech has a lot to answer for.

3D Robotics Launch DroneKit Open Source API for App Development

It looks like 3D Robotics has launched the DroneKit API for drone app development as free, open source software. The API can be used to develop apps for drones or onboard drone software, and it is completely flexible and multi-platform.

“Unlike other APIs for drones, there are no levels of access to DroneKit; it’s completely flexible and open,” said Brandon Basso, VP of software engineering for 3DR. “The platform works on laptops as well as mobile devices. Best of all, once an app is created, the app automatically works on any computing platform – the interface is always the same.”

The company is said to have released the API to the community so that people interested in drones are able to customise how they use them in the field. The DroneKit API is said to allow you to set waypoint flight paths and follow GPS targets, while also allowing the developer to view playbacks and log analysis of flights.

The above-mentioned features are just an example of what the API brings to developers; it comes with a variety of features which were previously unavailable to drone enthusiasts.

Thank you TweakTown for providing us with this information

Experts Find ‘Backdoor’ in iOS Functions that Allows Personal Data Monitoring

A forensic scientist has warned that Apple has undocumented functions in its iOS operating system which allow people to wirelessly connect and extract pictures, text messages and other sensitive data, without the need for either a password or PIN.

iOS jailbreaker and forensic expert Jonathan Zdziarski apparently revealed the functions at the HOPE X conference, where he stated that any device that has ever been paired with the target handset can be used to access the functions. Zdziarski has also stated that he is unsure whether Apple engineers enabled the mechanism intentionally in order to make room for easier surveillance by the NSA or law enforcement groups.

The most concerning service of all is com.apple.mobile.file_relay. It is said to generate a huge amount of data, including account data for email services, Twitter and iCloud, a full copy of the address book including deleted entries, the user cache folder, geographic position logs, a complete dump of the user photo album, and much more. All the data is available and accessible without requiring any additional security protocols, such as passwords or PINs.

Zdziarski also named two other services, com.apple.pcapd and com.apple.mobile.house_arrest, stating that the latter may have legitimate uses for app developers or support engineers. However, the data generated can be used to spy on users by government agencies or anyone who knows how to access the logs. For example, pcapd allows people to wirelessly monitor all network traffic traveling into and out of the device, even when the handset is not running in a special developer or support mode. In addition, house_arrest allows the copying of sensitive files and documents from Twitter, Facebook, and many other applications.

While the services are available and can be read by all, Zdziarski says that not every hacker out there is out to get your data. He said that only “technically knowledgeable people who have access to a computer, electric charger, or other device that has ever been modified to digitally pair with a targeted iPhone or iPad” can access the data.

Thank you Ars Technica for providing us with this information
Images courtesy of Ars Technica