Child-tracking smartwatches provide a convenient means of monitoring a child’s safety for parents. However, if the devices have security flaws, they could risk the safety of kids. Recently, researchers found some notable vulnerabilities in MiSafes child-tracking smartwatches that make these trackers prone to hacks.
Security Flaws Identified In MiSafes Child-tracking Smartwatches
Researchers from Pen Test Partners found some serious security issues in MiSafes child-tracking smartwatches. According to their findings, the flaws can allow an attacker snoop into the smartwatch system, and compromise your child’s safety. As per their blog post,
“With a couple of watches paired to different testing phones, I had a play with various authorisation and Insecure Direct Object Reference, IDOR, attacks.”
According to researchers, exploiting the bugs could let them access the target child’s GPS coordinates, send audio messages to them or call them, make secret one-way calls for spying, or retrieve a child’s personal details, like name, age, gender, weight, and photograph(s).
The researchers and the BBC attempted to contact the vendors, but received no response.
Risking Child Security – Who Should Take The Responsible?
This isn’t the first incident where a parental control device has failed in maintaining security. Nonetheless, it certainly raises questions about how much those involved in the creation of such devices actually care about cybersecurity.
While talking to LHN, Jan van Vliet, GM and VP EMEA at Digital Guardian, said,
“As smart devices permeate all aspects of our lives, the burden of properly securing them must fall squarely on product manufacturers, software developers, and network providers. After all, it makes sense that those developing and profiting from smart tech should be held responsible for ensuring that their products and services pose no risk to end-user security or privacy; especially when children are involved. What we really need to see is far more stringent rules to force manufacturers to build security into their devices. Part of the responsibility also lies with the network providers. These companies control the updates, configuration settings and network access for such devices and it is therefore important that they are taking measures to monitor this.”
Regarding the measures needed to avoid such hacks, Gro Mette Moen, watchdog’s acting director of digital services, told BBC,
“This is another example of unsecure products that should never have reached the market. Our advice is to refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”