Communications of the ACM
Kids' Smartwatches a Security Nightmare, Despite Years of Warnings
Researchers at the Mnster University of Applied Sciences in Germany tested the security of six brands of smartwatches marketed for kids, and found that hackers could abuse features to track a child's location using the watch's GPS in five of the six bran
Credit: Matt Perrin/Alamy
Researchers at Germany's Münster University of Applied Sciences found smartwatch brands marketed for children are exploitable, based on years of similar findings.
Of the six brands investigated, four use variants of a model from the same white label manufacturer, with hardware and backend server architecture from Chinese company 3G.
Smartwatches using that system lack encryption or authentication in their communications with the server that sends data to and from parents' location-tracking smartphone application.
Hackers could exploit such a smartwatch's International Mobile Equipment Identity (IMEI) identifier to spoof communications from the watch for nefarious means, or they could abuse Structured Query Language injection vulnerabilities in 3G's backend server to send malicious commands to the watches.
Münster's Sebastian Schinzel said, “It's 2020. How can you sell something that speaks over mobile networks, is unencrypted and has no authentication or anything?”
From Wired
View Full Article - May Require Paid Subscription
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found