Researchers at Norwegian security company Mnemonic found an undocumented backdoor in the X4 smartwatch marketed by children's watch vendor Xplora.
Mnemonic's Harrison Sand and Erlend Leiknes said an encrypted text message can activate the backdoor, while commands exist for clandestinely reporting the watch's location in real time, recording and sending snapshots to an Xplora server, and making phone calls that transmit all sounds within earshot.
Moreover, 19 applications pre-installed on the watch are crafted by China-based security firm Qihoo 360, while Qihoo 360 subsidiary 360 Kids Guard jointly designed the X4 with Xplora and fabricates its hardware.
Exploiting the backdoor requires knowing both the phone number assigned to the watch and the unique encryption key hardwired into each device.
Xplora said it has developed a patch for the X4 following the Mnemonic researchers' alert.
From Ars Technica
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found