Are Smartwatches Safe? Study Finds Hackers Can Monitor, Communicate With Kids
The United States Federal Trade Commission has been asked by security researchers and consumer advocates to investigate smartwatches marketed to kids that may suffer from significant security flaws that put the privacy and safety of children at risk.
The request came following a study conducted by the Norwegian Consumer Council (NCC) and the security firm Mnemonic that tested a number of children’s smartwatches and found the devices were easy for a threat actor to compromise.
Mnemonic, a cybersecurity firm headquartered in Norway, tested four separate smartwatches and found what it deemed to be “significant security flaws” in three of them—including vulnerabilities that could allow an attacker to hijack the device.
Allowing an attacker to gain unauthorized access to a smartwatch could put both children and parents in harm’s way—especially since many of the devices tested contained a number of features that could reveal sensitive and personal information.
The watches tested—which included the Gator 2, TickTalk, Xplora and Tinitell—sported a variety of features but most included location tracking via GPS, a built-in microphone for communications and a camera. While the features may have been designed to make it easier for parents to keep in contact with their children, it may also be used for nefarious purposes by hackers.
According to the researchers at Mnemonic, a hacker can “take control of the watch and track, eavesdrop on and communicate with the child”—a process that the group claims can be done in just “a few simple steps.”
There were five primary vulnerabilities identified by the researchers, which included security flaws that would allow for unauthorized access to the device, the ability to perform remote audio surveillance, the ability to spoof or hide the location of the device—an issue that could allow an attacker to make it appear as though a child hasn’t left a certain area when they actually have.
The researchers also found the emergency functionality for one of the watches is compromised and stores data in an unsecure manner.
Two of the watches allow an attacker to access apps on the device, which could compromise a child’s real-time activity as well as historical location and other personal details shared with the app. In at least one instance, a hacker could communicate directly with a child unbeknownst to the parent or guardian.
The NCC, along with seven consumer watchdog groups in the United States including EPIC and the Center for Digital Democracy have called upon the FTC to look into the devices and determine if they violate laws designed to protect children and consumers. Because some of the watchers are sold within the U.S., the agency should have jurisdiction to investigate.
It is not the first time children’s electronics have come under fire for potentially exposing the information of underage users or allowed attackers to spy on kids and parents through what appear to be innocuous toys.
Last year, consumer watchdog groups in the U.S. and Europe filed complaints against a number of so-called “smart toys” claim that so-called smart toys are in violation of privacy and data protection laws.
© Copyright IBTimes 2024. All rights reserved.