IoT Smartwatch Could be revealing your kid’s location

  • Researchers found 47 million vulnerable devices, including over 5 million used by children.
  • Saved voice recordings of children communicating with their parents were found in the vulnerable cloud, allowing anyone to download them.

One of the greatest threats presented by IoT is decreased privacy. Recently, millions of children’s GPS-enabled smartwatches were reported to be vulnerable to outsiders.

What happened?

UK research group Pen Test Partners released the finding with 47 million vulnerable devices, used by over five million children. “It’s only the tip of the iceberg,” they said.

  • A flawed cloud platform, developed by Chinese electronics maker Thinkrace, was discovered.
  • Location of anyone using its location-tracking devices or services could be exposed with a bit of know-how of a hacker.
  • As per reports, these vulnerabilities were being reported since 2015, and some resellers even rectified those, whereas many did not.

Type of threat found

The vulnerabilities were present on the smartwatches traded across Turkey, Poland, Mexico, Belgium, Hong Kong, Spain, the Netherlands, and China.

  • The data was found unprotected and devoid of using any kind of authentication.
  • The account numbers weren’t randomized, so incrementing an account number by one nets the access to other’s data in the queue.
  • Saved voice recordings of children communicating with their parents were found in the vulnerable cloud, allowing anyone to download them.

A similar revelation

Last month, researchers with AV-TEST in Germany also claimed to discover personal information of smartwatch users left unencrypted via a publicly accessible web API. It included information including real-time GPS position data sent via childrens’ watch via inserted SIM cards.

“The Chinese children’s watch is anything but a product for the protection of children, but on the contrary a real danger. It offers potential attackers the ability to identify the location of more than 5,000 children and access data from over 10,000 parent accounts,” said Maik Morgenstern, CTO at AV-TEST.

Protection and prevention tip

  • Make sure the seller guarantees data privacy of such devices.
  • If you’re using one right now, it’s time to get rid of it and use better products instead.