It turns out that children’s smartwatches, devices usually advertised as “pro-safety”, are actually incredibly dangerous. After various reports by security researchers, the European Commission ordered the recall of specific smartwatches that make it easy for an attacker to locate and contact a child.
Children’s Smartwatches Recalled – The Full Story
Usually, children’s smartwatches are things you use to keep a lookout for your child. It seems like these watches may actually have very dangerous vulnerabilities. Using these vulnerabilities, an attacker can easily locate and communicate with the child. In other words, instead of protecting your kid, these children’s smartwatches are actually publicly announcing their presence to attackers.
To protect the public from these issues, the European Commission issued a recall for some of the devices. Here’s the risk these devices pose:
“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data.”
In some brands, the apps give hackers access to a child’s complete portfolio, including:
The child’s photo
Name, gender, date of birth.
Weight and Height
Parents’ phone number
The watch’s phone number (Sim card)
Additionally, the watch can easily be used to communicate with your child. An attacker can easily tap into the “remote listening” feature. This feature allows parents to listen in on their child’s activities at any given time. The attacker can also use the GPS feature to track the child’s location in real-time. In fact, the attacker can alter the system and make it seem like the child is somewhere they’re not. Even worse, they can change the “safe zone” setting to make it seem like the child never left.
By using a basic online prank call service, someone can easily spoof the parent’s phone number and then contact the child. Because the watches don’t use standard forms of communication security, this doesn’t take a lot of technical know-how to pull off.
The European Commission’s Ban
Since the vulnerabilities found in children’s smartwatches make it easier for a predator to lure the child out, the European Commission’s ban seems long overdue. Germany banned the sale of these watches in 2017 over surveillance concerns. The watches were in violation of the surveillance laws of the country because of their lack of security.
In fact, this isn’t the first time an IoT device was found to be dangerously vulnerable. In general, manufacturers don’t really invest in applying standard security measures. The fact is, the field developed so quickly that manufacturers prefer to invest in getting their products to work before everyone else does. Unlike smartphone makers, IoT manufacturers haven’t started thinking of the IoT’s operating system as a vital component of the device.
How to Stay Safe from Children’s Smartwatches
When it comes to the safety of your children, all I can tell you is not to use these smartwatches. In fact, try to keep your children and their data as far away from IoTs as possible. Unless you know for a fact that proper security measures have been taken, do not put your child’s data online.
The fact of the matter is, we have not yet reached a level where we can legally force manufacturers to pay attention to security. These bans and recalls are definitely a step in the right direction, though. The companies that make children’s smartwatches must now seriously think about their products’ security measures before they put them out on the market. Hopefully, the rest of the world will take a page out of the European Commission’s book and enact similar laws.
How to Protect The Rest of Your IoTs
When it comes to using different IoT devices, you need to understand what measures you should take to maintain your security. While these measures may not remove all of the vulnerabilities, they do make your devices more difficult to hack into. In cases of botnet attacks and massive data breaches, your devices will more likely be passed over in favor of devices that don’t have added security measures.
Change the Default Password. An IoT’s configuration page usually comes with a default username and password. Most people don’t change these defaults, which are easily found online. To keep your devices secure, change your default password (and username if possible) to a unique and strong password.
Update Your Devices Regularly. Even though manufacturers don’t always update their products, you need to make sure you always download any security update.
Turn Off The Device. If you’re not currently using the device, take the device offline. You do not need to keep your devices online and exposed 24/7.
These bans, which specifically make the sale of these watches illegal, are exactly what we need at the moment. The only way to force manufacturers to take internet security seriously is to affect their bottom line. Hopefully, we’ll soon see legislation that finally regulates IoTs and how they engage with their users’ data.
A reader, writer, and avid internet user. Hiba has spent the better part of her adult life looking for ways to have a safer and more user-friendly online experience, all while praising the uses of VPN connections to anyone who would listen.