Smartwatches focused at parents looking to keep an eye on their children could have been hacked to allow outside access, researchers have said
Security researchers from British security shop Pen Test Partners analysed a bunch of these watches, made by different manufacturers, and came to the same conclusion – the products have “shocking levels of insecurity’.
Nothing is encrypted, everything is being sent around in plain text, and with a little knowledge and a little automation, you could get pictures, names, gender, birthdates, height, weight and a bunch of other data on thousands of kids. You could also track their location and talk to them.
"We believe that in excess of a million smart kids tracking watches with similar vulnerabilities are being used, possibly in excess of three million globally," said researcher Alan Monie on Tuesday.
"These are sold under numerous brands, but all appear to use remarkably similar APIs, suggesting a common original device manufacturer or ODM."
"These new attack vectors can not only be performed remotely (including capturing the IMEI remotely), but allow an attacker to build up a global picture of the location of all the children," said Monie. "Combined with caller ID spoofing, this attack becomes really nasty."
We are yet to hear any comment from the companies selling these watches.
Image Credit: Franklin Heijnen / Flickr