The hacking of online accounts is a terrible thing, but the hacking of accounts owned by children is unforgivable. Last month it was revealed that Toy manufacturer VTech had its database hacked, but most shocking, passwords were insecurely stored.
Passwords are usually recorded as codes generated by an algorithm and that are unique to the word. This might stop someone viewing the password, but it doesn’t stop an attacker looking up the code and matching password in a database known as a Rainbow Table. For this reason developers use a salt; an extra computer generated code appended to the password to make these Rainbow Tables useless. However even then the password isn’t secure. A modern computer can test every single combination of a 6 character password, hashed with the md5 algorithm, and find its value within 40 seconds.
As computers get faster the quicker it will get to crack passwords. Over time servers will become less secure simply by doing nothing.
With this in mind you can only wonder why toy makers even dreamt of storing personal information of children, let alone do it insecurely.
- Do not require any personal data to play
- Do not store any personal data on our toys
- Do not ask for any personal data from kids
- Design our data usage policy in such way that even a 6-year-old can understand it
- Give our customers full control on how the data flows to and from toys
- If our customers agree to provide anonymous usage data, it has to produce clear value to them
The level-headed approach is in keeping with the toy which portrays itself as a wholesome alternative to zombie inducing glowing screens. They’re certainly one of my favourite toys, simply because the technology is hidden away inside to create a bit of magic and provoke those imagination muscles.
Earlier in the year they were unable to reach their Kickstarter goal, but saw enough demand to launch anyway. You can now pre-order Avakai for €129 (£93) from their website.