Researchers at Germany's Münster University of Applied Sciences found that smartwatch brands marketed for children are exploitable, following years of similar findings.
Of the six brands investigated, four use variants of a model from the same white label manufacturer, with hardware and backend server architecture from Chinese company 3G.
Smartwatches using that system lack encryption or authentication in their communications with the server that relays data to and from the parents' location-tracking smartphone application.
Hackers could use such a smartwatch's International Mobile Equipment Identity (IMEI) to spoof communications from the watch for nefarious purposes, or they could abuse Structured Query Language (SQL) injection vulnerabilities in 3G's backend server to send malicious commands to the watches.
Münster's Sebastian Schinzel said, “It's 2020. How can you sell something that speaks over mobile networks, is unencrypted and has no authentication or anything?”
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA