Sign In

Communications of the ACM

ACM TechNews

Undocumented Backdoor That Covertly Takes Snapshots Found in Kids' Smartwatch


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Children wearing smartwatches.

Researchers in Norway found an undocumented backdoor in the X4 smartwatch marketed by children's watch vendor Xplora.

Credit: Xplore

Researchers at Norwegian security company Mnemonic found an undocumented backdoor in the X4 smartwatch marketed by children's watch vendor Xplora.

Mnemonic's Harrison Sand and Erlend Leiknes said an encrypted text message can activate the backdoor, while commands exist for clandestinely reporting the watch's location in real time, recording and sending snapshots to an Xplora server, and making phone calls that transmit all sounds within earshot.

Moreover, 19 applications pre-installed on the watch are crafted by China-based security firm Qihoo 360, while Qihoo 360 subsidiary 360 Kids Guard jointly designed the X4 with Xplora and fabricates its hardware.

Exploiting the backdoor requires knowing both the phone number assigned to the watch and the unique encryption key hardwired into each device.

Xplora said it has developed a patch for the X4 following the Mnemonic researchers' alert.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found