ADVERTISEMENT

Security flaws in child smartwatches mean hackers can use them to spy on kids' locations

The devices could be hijacked and used to eavesdrop on children — or even send them messages, researchers found.

  • Researchers have found major security flaws in childrens' smartwatches that could let hackers hijack them.
  • In some cases, they could be used to track kids' locations, eavesdrop on them, or send them messages.
  • At least one retailer has since pulled some of the devices off its shelves.
ADVERTISEMENT

Security flaws in a number of smartwatches aimed at children means hackers and strangers could hijack them and use them to track and eavesdrop on kids.

The various issues were discovered by security firm Mnemonic, working with the Norweigan Consumer Council, after it analysed the Gator, Tinitell, Viksfjord/SeTracker, and Xplora smartwatches.

The devices are marketed as a way for parents to keep tabs on and communicate with their children via apps — but some have very serious security flaws, and fall short of various standards. "Three of the four watches that were tested were found to contain significant security flaws," Mnemonic wrote in its report. "The flaws are not technically difficult to exploit, and in two cases, allow a third party to surreptitiously take control over the watch."

ADVERTISEMENT

The Gator 2, Viksfjord/SeTracker, and Xplora devices were all found to have "multiple serious and practical attacks." In the Gator 2, for example, this includes hijacking the device, allowing the attacker to track its current location (and hence, the location of its child wearer), location history, the ability to send voice messages to the watch, and editing contact phone numbers it stores.

The Viksfjord/SeTracker, meanwhile, can be turned into a "remotely controllable listening device," or give an attacker the ability to communicate directly with the child.

And the researchers were able to access sensitive data from other Xplora customers, including locations, names, and phone numbers — suggesting it is not being stored properly.

Meanwhile, none of the four devices give users the option to delete their accounts or have location data delete automatically after a set period of time. Only the Tinitell promises to implement reasonable security standards, Mnemonic said.

John Lewis, the British high street retailer, has since stopped selling a Gator kids' smartwatch, telling The Telegraph: "As a precautionary measure we have withdrawn from sale all Gator smartwatch products while we await further advice and reassurance from the supplier."

ADVERTISEMENT

FOLLOW BUSINESS INSIDER AFRICA

Unblock notifications in browser settings.
ADVERTISEMENT

Recommended articles

US troop withdrawal from Niger hangs in the balance

US troop withdrawal from Niger hangs in the balance

Detained Binance executives sue Nigerian authorities for human right violation

Detained Binance executives sue Nigerian authorities for human right violation

Nigeria's central bank increases minimum capital base for banks

Nigeria's central bank increases minimum capital base for banks

Sony’s creators convention redefines the creative landscape for content creators

Sony’s creators convention redefines the creative landscape for content creators

Exploring the popularity of progressive jackpot slots in Indonesia

Exploring the popularity of progressive jackpot slots in Indonesia

Egypt, Nigeria, and South Africa ranked as Africa's most polluted countries in new report

Egypt, Nigeria, and South Africa ranked as Africa's most polluted countries in new report

10 African countries with the lowest life expectancy according to the World Bank

10 African countries with the lowest life expectancy according to the World Bank

Kenyan women are more obese than their men - here’s why

Kenyan women are more obese than their men - here’s why

Africa’s richest man Dangote stands between Europe and $17 billion in revenue

Africa’s richest man Dangote stands between Europe and $17 billion in revenue

ADVERTISEMENT