Home Tech Warning issued after child smartwatches found to be vulnerable to hackers

Warning issued after child smartwatches found to be vulnerable to hackers


Some childrens smart watches have been found to have security flaws that make them vulnerable to hackers, a watchdog has warned.

The Norwegian Consumer Council (NCC) tested watches from brands including Gator and GPS for Kids.

It said it discovered that attackers could track, eavesdrop or even communicate with the wearers.

The manufacturers involved insist the problems have either already been resolved or are being addressed.

UK retailer John Lewis has already withdrawn one of the named smartwatch models from sale in response.

The smartwatches tested essentially serve as basic smartphones, allowing parents to communicate with their children as well as track their location.

Some include an SOS feature that allows the child to instantly call their parents.

The NCC said it was concerned that Gator and GPS for Kids’ watches transmitted and stored data without encryption.

It said that meant strangers, using basic hacking techniques, could track children as they moved, or make a child appear to be in a completely different location.

Director General of EU consumer group BEUC Monique Doyens warns that these watches shouldn’t be for sale. “Parents buy them to protect their children. However, they are probably unaware that instead of protecting them they are making their children more vulnerable.”

“Products which are connected to the internet are everywhere. Unfortunately, some producers seem to turn a blind eye to basic security and privacy standards in their rush to market such products. Market surveillance authorities should make sure that such products never reach the market in the first place,” she added.

This isn’t the first issue to surface with childrens smart products either.

Earlier this year Germany’s telecommunications regulator issued a ban against a line of smart toys called “My Friend Cayla,” calling the toy an espionage device, and recommending that parents destroy all toy instances at once.

According to a press release published by Germany’s Federal Network Agency (Bundesnetzagentur), the Cayla dolls were recording child conversations and sending the audio to their manufacturer, a company based in the US.

Based on the description on its homepage, the Cayla dolls were designed to pick up children questions, send them to an app on the parent’s device, which translated the audio to text and searched for an answer online.

The toy itself has been hacked by security researchers, who showed that the communications between the Cayla doll and the parent’s app were not sufficiently protected, allowing an attacker to intercept audio recordings, or relay custom audio to the toy, possibly scaring the child.

Last year, security researchers from Pen Test Partners found several flaws in the firmware of BB-8 Star Wars smart toys.

Similarly, security experts from Rapid7 found that they could harvest personal data about children and their parents from Fisher-Price smart toys and hereO GPS kids’ watches.

In 2015, a security researcher named Matt Jakubowski said the hacked the Hello Barbie smart toy to extract enough personal information to track down someone’s home location.