A tablet aimed at children aged between three and nine years old has a severe security flaw which allows hackers to spy on the children.
Known as the InnoTab Max or the Storio Max and available for £115 ($120), the 'safe' tablet allows parents to approve a website before their children can visit it.
But, it has been revealed, customers with affected devices are at risk of criminals taking control of the popular gadget and snooping on the vulnerable youngsters.
Accomplished hackers can monitor children, listen to them, talk to them, have full access and control of the device and even watch them through the webcam.
A watchdog exposed the flaw and the Chinese firm has now released a fix to the problem and a link to the software update is available at the top of its website.
Scroll down for video
VTech, based in China, was made aware of the issue several months ago by a cyber-security company and has released a software update to fix the flaw.The firm's flagship product is a tablet called Storio Max, or the InnoTab Max in the UK (pictured)
Before it was placed in the prominent position on the site, VTech relied on pop-up alerts on the tablet to prompt the installation of the update.
The tablet is designed to give parents greater peace of mind and assurance than most internet-compatible tablets such as the iPad and Kindle which have more liberal internet access.
VTech's tablets give parents and carers the opportunity to restrict access to websites at their own discretion.
Earlier this year, researchers at London-based SureCloud discovered a flaw that they made it vulnerable to attack if one or more of the pre-vetted sites were compromised.
'To find the vulnerability in the first place wasn't easy,' Luke Potter, the firm's cyber-security practice director told BBC News.
'But to actually exploit it once you know it's there is reasonably simple.'
The flaw means that malicious code can be remotely triggered to run on the devices from afar.
Mr Potter said this could involve making use of 'off-the-shelf' malware available from criminal markets or running customised code.
'Remote access can be gained without the child even knowing,' he explained.
'So effectively being able to monitor the child, listen to them, talk to them, have full access and control of the device.
'For example, we demonstrated viewing things through the webcam.'
A notice at the top at the toy manufacturers homepage (pictured) eludes to the update which corrects the issue but not all devices have installed the fix. Before the update was placed in the prominent position on the site it relied on pop-up alerts on the tablet
VTech told MailOnline: 'We thank SureCloud for bringing this vulnerability on the Storio Max, which is called InnoTab Max in the UK, to our attention.
'We took immediate action in early summer to resolve the issue and pushed out a firmware upgrade to all affected InnoTab/Storio Max devices in Europe.
'Since then, pop up messages will appear on the device from time to time to prompt the device owners to perform the upgrade until it is done.
'Furthermore, most recently, for those users in Europe who have still not performed the upgrade, an email is being sent urging them to do so.
'This was a controlled and targeted “ethical hack” by SureCloud, which is a sophisticated cyber firm that was in possession of a detailed knowledge of hacking techniques and InnoTab/Storio Max’s firmware.
'We are not aware of any actual attempt to exploit the vulnerability and we consider the prospects of this happening to be remote.
'However, the safety of children is our top priority and we are constantly looking to improve the security of our devices.'
HOW CAN PARENTS PROTECT THEIR CHILDREN ONLINE?
A recent study found when sharing parenting advice on social media, common topics included:
- Getting kids to sleep (28 per cent)
- Nutrition and eating tips (26 per cent)
- Discipline (19 per cent)
- Daycare/preschool (17 per cent)
- Behaviour problems (13 per cent)
These common topics of conversation often reveal key information about a child, including: name, age/date of birth, school name and even their appearance.
Whilst it may be very difficult to protect the privacy of children in the digital age, there are some things that can be done to shelter children from online dangers.
Know your privacy settings
It is amazing how many parents leave on their Instagram location settings. Set your location settings to off if you do not want people to be able to figure out where you and your children live.
Only share with people who care
Ask yourself if all the people you're sharing your photos with really want to see them and will they protect them in a way you would.
Explore private social networks
Private social networks offer a secure way to share the pictures of your children with your family and friends.
Don't take any digital photos
Ultimately the only way to be 100 per cent sure that you don't have a digital footprint is not to have any digital photos taken but this isn't a road the vast majority of people want to go down.