Vulnerabilities Found in Kids’ Smartwatches Pose Security Risks
Wearable internet-of-things (IoT) devices like smartwatches can help parents keep an eye on their children while also providing them the independence and connectivity they need for their lifestyle and activities. But if you’re planning on buying one for your kid, make sure that the device and its applications won't compromise your kid’s security—online or otherwise.
Security researchers and the Norwegian Consumer Council recently released their findings on several smartwatches designed for kids and reported several vulnerabilities that can compromise privacy and security. According to their report, these security flaws can allow other parties to surreptitiously track the wearer’s whereabouts, eavesdrop on voice messages, and steal personally identifiable information on the device.
The researchers tested three smartwatches, one of which had a user base of 350,000. The two others are products sold worldwide under different brand names. These smartwatches feature real-time GPS tracking and can do two-way calls. According to the Norway-based consumer group, a stranger can easily “take control of the watch and track, eavesdrop on, and communicate with the child. They will be able to track the child as it moves or make it look like the child is somewhere it is not. Some of the data is transmitted and stored without encryption.”
[From the TrendLabs Security Intelligence Blog: Wearing Your Tech on Your Sleeve]
The report also noted the poor implementation of the SOS and phone number whitelisting functions in one of the devices they tested. The notifications transmitted when the wearer leaves a certain area were also unreliable. The Norwegian Consumer Council added that some of the applications in the smartwatches didn’t have an End User License Agreement (EULA), or terms and conditions, which are breaches of the country’s Marketing Control Act and the Personal Data Act.
Indeed, new technologies are redefining how people—especially youngsters—interact. While IoT devices such as smartwatches demonstrate the ease and convenience these technologies bring, they also come with security risks. And for parents, it’s important to balance the need to be more connected, the benefits of providing children more ways for learning and recreation, and the significance of protecting privacy. Apply best practices when using IoT devices for your kids: help them practice online safety, research the device before purchasing it, enable and set up the device’s security features/settings, and more importantly, gauge how the device handles and processes personal data.
[Infographic: 8 Simple Tips to Secure Your Kid’s Smart Device]
The consumer group already notified Norwegian Data Protection Authority, which accordingly informed the smartwatches’ importers and manufacturers. They’ve been advised that some of these flaws have already been patched and that the concerned companies are working to improve their device’s security.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale