A supposedly helpful gadget turned out to be a massive security risk

Buckingham (pte024/16.11.2018/13:30) - The company miSafes http://misafes.com offers the “Kid's Watcher”, a children's smartwatch that is actually intended to help parents protect their children. But the devices themselves are massively insecure, warns IT security expert Alan Monie from Pen Test Partners http://pentestpartners.com . With fairly simple tricks, attackers could not only get the children's GPS data, misuse the smartwatch's microphone as a bug or even send audio messages to a child.

Good idea, bad security

The idea behind the Kid's Watcher actually seems good. GPS tracking is intended to help prevent children from losing their parents in the urban jungle or in amusement parks like Disneyland. The device also offers various options for parents to contact children, as well as a button that children can use to raise an alarm in an emergency. A friend who had gotten the smartwatch wanted to know from Monie about the security of the inexpensive gadget. “It was bad… really bad,” says the expert in the company blog.

The control app for parents that goes with the smartwatch does not use any encryption for data transfers. So the expert managed to use relatively simple hacks, for example to access the device's real-time GPS data, call it or secretly start a wiretapping call in order to spy on the child. It was also possible to send audio messages and bypass the approved caller list. In addition, unsecured online data transmissions allow an attacker to easily obtain a child's profile picture, name, gender, date of birth, height and weight.

“Trackmageddon” project

As a demonstration, Monie wrote an app that can be used to track current and past locations of test smartwatches. According to him, it would be easy to persecute other kid's watchers and thus children. Although this is just a gadget from one manufacturer, unfortunately it is probably the tip of an uncertainty iceberg.

A colleague looked at the programming interfaces (APIs) of various other smartwatches and other GPS staplers for a project called “Trackmageddon”. Similar problems are therefore likely to be widespread. Based on published sales figures, download numbers of associated apps and device identifiers that assign APIs, experts assume that over a million similarly unsafe children's smartwatches are used, possibly even around three million worldwide.

Source: www.pressetext.com


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )