• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Security

Kids’ Smartwatches Are a Security Nightmare Despite Years of Warnings

by technewshero
December 14, 2020
in Security
0
Kids’ Smartwatches Are a Security Nightmare Despite Years of Warnings
Share on FacebookShare on Twitter

Connecting every possible device in our lives to the internet has always represented a security risk. But that risk is far more pronounced when it involves a smartwatch strapped to your child’s wrist. Now, even after years of warnings about the security failings of many of those devices, one group of researchers has shown that several remain appallingly easy for hackers to abuse.

In a paper published late last month, researchers at the Münster University of Applied Sciences in Germany detailed their testing of the security of six brands of smartwatches marketed for kids. They’re designed to send and receive voice and text messages, and let parents track their child’s location from a smartphone app. The researchers found that hackers could abuse those features to track a target child’s location using the watch’s GPS in five out of the six brands of watch they tested. Several of the watches had even more severe vulnerabilities, allowing hackers to send voice and text messages to children that appear to come from their parents, to intercept communications between parents and children, and even to record audio from a child’s surroundings and eavesdrop on them. The Münster researchers shared their findings with the smartwatch companies in April, but say that several of the bugs they disclosed have yet to be fixed.

The Münster study builds on years of similar findings. Several vulnerabilities in kids’ smartwatches have been found in previous research including a study by the Norwegian consumer protection agency that found similarly alarming problems. The European Commission even issued a recall for one kid-focused smartwatch last year. Given those repeated exposés, the Münster researchers were surprised to find the products they tested still riddled with vulnerabilities.

“It was crazy,” says Sebastian Schinzel, a Münster University computer scientist who worked on the study and presented it at the International Conference on Availability, Reliability, and Security in late August. “Everything was basically broken.”

The Münster researchers focused on six smartwatches sold by JBC, Polywell, Starlian, Pingonaut, ANIO, and Xplora. But as they looked into the watches’ design, they found that JBC, Polywell, ANIO, and Starlian all essentially use variations on a model from the same white label manufacturer, with both the watch hardware and backend server architecture provided by a Shenzhen-based Chinese firm called 3G.

Those four devices turned out to be the most vulnerable among those tested. The researchers found, in fact, that smartwatches using 3G’s system had no encryption or authentication in their communications with the server that relays information to and from the parents’ smartphone app. Just as with smartphones, every smartwatch comes with a unique device identifier known as an IMEI. If the researchers could determine the IMEI for a target child, or simply choose one at random, they could spoof the communications from the smartwatch to the server to tell it a false location for the child, for instance, or send an audio message to the server that appeared to come from the watch. Perhaps most disturbingly, they say they could similarly impersonate the server to send a command to the smartwatch that initiated audio recording of the watch’s surroundings that’s relayed back to the hacker.

Separately, the researchers say they found multiple instances of a common form of security flaw in the 3G’s backend server, known as SQL injection vulnerabilities, in which the inputs to a SQL database can include malicious commands. Abusing those flaws could have given a hacker broad access to users’ data—though for legal and ethical reasons the team didn’t actually attempt that data theft. “We didn’t want to harm people, but we could have gotten all the user data and all the position data, voice messages from the parents to the children, and vice versa,” says Münster University researcher Christoph Saatjohann.

Previous Post

Big Tech’s India Plans Can’t Seem to Bypass Reliance

Next Post

Facebook Messenger Now Allows Users to Watch Videos Together Online

technewshero

technewshero

Related Posts

2020 Shows the Danger of a Decapitated Cyber Regime
Security

2020 Shows the Danger of a Decapitated Cyber Regime

by technewshero
January 13, 2021
A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting
Security

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

by technewshero
January 14, 2021
The Worst Hacks of 2020, a Surreal Pandemic Year
Security

The Worst Hacks of 2020, a Surreal Pandemic Year

by technewshero
January 15, 2021
Security

How Your Digital Trails Wind Up in the Police’s Hands

by technewshero
December 31, 2020
How to Understand the Russia Hack Fallout
Security

How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
Next Post
Facebook Messenger Now Allows Users to Watch Videos Together Online

Facebook Messenger Now Allows Users to Watch Videos Together Online

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Vested, a newly minted startup, aims to help startup employees understand precisely when to buy their options – TechNewHero

September 26, 2019
Nintendo is remaking the first portable gaming system it ever built – TechNewHero

Nintendo is remaking the first portable gaming system it ever built – TechNewHero

December 14, 2020
Save your Samsung Gallery Stories before they disappear forever

Save your Samsung Gallery Stories before they disappear forever

December 16, 2020

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?