acm-header
Sign In

Communications of the ACM

Home/News/Undocumented Backdoor That Covertly Takes Snapshots.../Full Text
ACM TechNews

Undocumented Backdoor That Covertly Takes Snapshots Found in Kids' Smartwatch

By Ars Technica
October 19, 2020
Comments
View as: Print Mobile App Share:
Children wearing smartwatches.

Researchers in Norway found an undocumented backdoor in the X4 smartwatch marketed by children's watch vendor Xplora.

Credit: Xplore

Researchers at Norwegian security company Mnemonic found an undocumented backdoor in the X4 smartwatch marketed by children's watch vendor Xplora.

Mnemonic's Harrison Sand and Erlend Leiknes said an encrypted text message can activate the backdoor, while commands exist for clandestinely reporting the watch's location in real time, recording and sending snapshots to an Xplora server, and making phone calls that transmit all sounds within earshot.

Moreover, 19 applications pre-installed on the watch are crafted by China-based security firm Qihoo 360, while Qihoo 360 subsidiary 360 Kids Guard jointly designed the X4 with Xplora and fabricates its hardware.

Exploiting the backdoor requires knowing both the phone number assigned to the watch and the unique encryption key hardwired into each device.

Xplora said it has developed a patch for the X4 following the Mnemonic researchers' alert.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account