With smartwatches designed especially for kids being available now, parents are enjoying full peace of mind as they know that they are connected to their kids via dedicated, secure apps at all times. These wearable devices that cost no more than £100 are being deemed as a blessing, however, reports suggest that some of these smartwatches are prone to hacking, which means your kids might be in danger because a stranger can easily track your kids’ whereabouts and also spy on their conversations. The reason is that there are very serious security flaws identified in a number of smartwatches.
According to a new report from the consumer watchdog Norwegian Consumer Council (NCC), kids’ smartwatches aren’t immune from being hacked. The NCC researched kids’ smartwatches in collaboration with Mnemonic.
After carrying out tests on four smartwatches that are specifically designed for kids and are equipped with real-time location tracking and facilitate two-way calls with some selected contacts, it was identified that hackers could exploit the security flaws. Hackers can play with the location tracking feature making parents think that kids are somewhere else. The smartwatches tested for this purpose include the following models: Gator 2, Tinitell, Viksfjord and Xplora smartwatches.
Since these smartwatches can store and transmit data without encrypting it, therefore, the possibility of being exploited is even more concerning. The NCC also discovered that the SOS function in Gator’s smartwatch was poorly implemented while the alerts that were transmitted by these models after the kid left a permitted location were unreliable. It is worth noting that the SOS feature allows kids to contact their parents when required instantly and the alarm goes off when the kid leaves an area without parents’ permission.
Another serious flaw identified in these smartwatches was that the stored data, which was not appropriately encrypted, could not be deleted at all. The only smartwatch with no security vulnerability and possible risk for kids was the Tinitell. However, this was also the only watch that offered limited features in comparison to the other three.
NCC’s Finn Myrstad stated that: “It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly. Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist.”
In response to the findings of NCC, companies have started giving out official statements. Gator stated that it has now improved security measures of its smartwatch by moving the data to an encrypted server. This most likely would prevent it from being hacked. Viksfjord watch manufacturer GPSforbarn stated that the security flaws have already been fixed remotely because the company was informed about the report back in September.
Surprisingly, retailers are also responding quite intensely as a UK based retailer John Lewis has stopped selling one of the smartwatches identified as risky by the NCC.
The findings have been reported to the US and European data regulators by the NCC. Shoppers and parents are advised not to buy these smartwatches until it is confirmed that the related companies have fixed the security flaws. In case your kid owns one of the vulnerable watches, it is better to ask for a refund from the seller and set an example for others to follow so that companies pay attention to fixing the flaws at the earliest.