A location-tracking smartwatch popular among thousands of children has been found to be vulnerable to hackers, according to BBC.
A researcher found MiSafes Kid’s Watcher Plus, a GPS-based smartwatch, neither encrypted the data they used nor secured each child’s account.
As a result, he said, he could track children’s movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents, reports BBC.
The watchmaker and the China-based company listed as the product’s supplier did not respond to BBC or the researcher after they contacted them about the problem.
First released in 2015, the MiSafes watch uses a global positioning system (GPS) sensor and a 2G mobile data connection to let parents see where their child is, via a smartphone app.
The vulnerability was discovered by Ken Munro, a cyber expert at Pen Test Partners. “We were shocked by how easy [the smart watch] was to hack,” Munro told The Telegraph.
He said he was able to access children’s profile details which include a photograph, name, date of birth, gender, weight and height.
Using the watch, parents can hear what their children are saying and start a call with them.
Pen Test Partners proved that someone could swap the caller number for their own and contact the child under the name “Mum” or “Dad”
Researchers bought several watches to test and found that they could:
- trigger the remote listening facility of someone else’s watch, with the only warning being that a brief “busy” message appeared before its screen returned to blank
- track the wearer’s current and past locations
- alter the safe zone facility so that alerts were triggered by a child’s approach rather than their departure
“This is another example of unsecure products that should never have reached the market,” said Gro Mette Moen, Norwegian Consumer Council’s acting director of digital services.
“Our advice is to refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”
MiSafes was also in the news in February when an Austrian cyber-security company discovered several flaws with its Mi-Cam baby monitors.