The BBC is reporting that a location-tracking smartwatch worn by thousands of children has proven relatively easy to hack.
A security researcher found the devices neither encrypted the data they used nor secured each child’s account.
As a result, he said, he could track children’s movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents…
Pen Test Partner’s Ken Munro and Alan Monie learned of the product’s existence when a friend bought one for his son earlier this year.
Out of curiosity, they probed its security measures and found that easy-to-find PC software could be used to mimic the app’s communications…It’s probably the simplest hack we have ever seen,” he told the BBC…
…The Norwegian Consumer Council highlighted other cases of child-targeted smartwatches with security flaws last year.
It said the MiSafes products appeared to be “even more problematic” than the examples it had flagged.
“This is another example of unsecure products that should never have reached the market,” said Gro Mette Moen, the watchdog’s acting director of digital services.
“Our advice is to refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”