Sign In

Communications of the ACM

ACM TechNews

Kids' Smartwatches a Security Nightmare, Despite Years of Warnings


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A girl checks her smartwatch.

Researchers at the Mnster University of Applied Sciences in Germany tested the security of six brands of smartwatches marketed for kids, and found that hackers could abuse features to track a child's location using the watch's GPS in five of the six brands they tested.

Credit: Matt Perrin/Alamy

Researchers at Germany's Münster University of Applied Sciences found smartwatch brands marketed for children are exploitable, based on years of similar findings.

Of the six brands investigated, four use variants of a model from the same white label manufacturer, with hardware and backend server architecture from Chinese company 3G.

Smartwatches using that system lack encryption or authentication in their communications with the server that sends data to and from parents' location-tracking smartphone application.

Hackers could exploit such a smartwatch's International Mobile Equipment Identity (IMEI) identifier to spoof communications from the watch for nefarious means, or they could abuse Structured Query Language injection vulnerabilities in 3G's backend server to send malicious commands to the watches.

Münster's Sebastian Schinzel said, “It's 2020. How can you sell something that speaks over mobile networks, is unencrypted and has no authentication or anything?”

From Wired
View Full Article - May Require Paid Subscription

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
ACM Resources