Child smart watches can be hacked to track and eavesdrop on kids

Data is transmitted and stored without encryption and can be hacked, research has found

A number of smart watches aimed at children have been found to be prone to hacks. Photograph: iStock

A number of smart watches aimed at children have been found to be prone to hacks. Photograph: iStock

 

A number of smart watches for children have been found to pose considerable security risks, according to a Norwegian consumer watchdog.

The purpose of some of the smart watches the organisation tested - the Gator 2, Tinitell, Viksfjord and Xplora - is to allow parents to communicate with their child through a mobile phone function and be able to track the child’s location through an app. However, research from Forbrukerrådet - a Norwegian consumer watchdog which is a member organisation of EU consumer group BEUC - found that some watches can be controlled by strangers who can use them to track and eavesdrop on children.

A Tinitell spokeswoman told The Irish Times their watch is a “secure product...and the only one [in this study] found to be without security vulnerabilities.”

For those devices that aren’t secure, Forbrukerrådet found that in a few simple steps, strangers can eavesdrop and communicate with a child and, more worryingly, can track a child or make it look like the child is somewhere else. This is possible because data in the tested watches is transmitted and stored without encryption.

Other key findings from the researchers was that an SOS button on the watches was unreliable and can be circumvented by hackers, illegal or non-existent terms and conditions and personal data protection flaws.

Monique Goyens, BEUC director general, warned that these watches shouldn’t find their way into shops. “Parents buy them to protect their children. However, they are probably unaware that instead of protecting them they are making their children more vulnerable.”

“Products which are connected to the internet are everywhere. Unfortunately, some producers seem to turn a blind eye to basic security and privacy standards in their rush to market such products. Market surveillance authorities should make sure that such products never reach the market in the first place,” she added.