Serviceteam IT Security News

A device that is supposed to help parents keep track of their children and give them peace of mind can be turned into a surveillance device

Researchers at the AV-Test Institute have uncovered gaping privacy and security holes in the SMA-WATCH-M2 smartwatch that is designed to keep children safe and their parents feeling secure about their offspring.

The security lapses were so severe that the researchers were able to piece together a snapshot of the life and daily habits of a randomly selected 10-year-old child named Anna from Germany. Among other data, the Chinese-made device exposed the girl’s age, place of residence, where she spends most of her day, and the routes she takes. The researchers could even access the sound messages that were transmitted to her device. And that’s still not all – they were even able to monitor Anna’s real-time GPS position.

Obviously, the security shortcomings did not affect just that single device. The team said it could gain access to the location, phone number, photos and conversations of well over 5,000 children, and was quick to note the number of affected users might, in fact, be far higher.

How was this possible, I hear you ask? In addition to communication with the manufacturer’s server being unencrypted, the server’s online interface was completely unsecured, leaving it entirely open to unauthorized external access. Although an authorization token was generated to prevent unauthorized access, the server does not check it, which essentially means anyone with enough “hacking” skills should have no problem accessing user IDs. This allows potential attackers to have the same access that a parent would have.
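The missing check described above, sketched as an added example that is not taken from the article or from the manufacturer's code: one handler issues a token but never verifies it, and a corrected handler verifies the token and ties it to the requested user ID. All names, IDs and coordinates are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data; IDs and fields are hypothetical, not the vendor's API.
SERVER_KEY = secrets.token_bytes(32)
LOCATIONS = {
    "1001": {"lat": 52.52, "lon": 13.40},
    "1002": {"lat": 48.14, "lon": 11.58},
}


class AuthError(Exception):
    """Raised when a request carries no valid token for the requested ID."""


def issue_token(user_id: str) -> str:
    """Token handed to the parent app at login, bound to one user ID."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def get_location_unchecked(user_id: str, token: Optional[str]) -> dict:
    """The flaw as the article describes it: a token exists but is never checked."""
    return LOCATIONS[user_id]  # any caller who supplies an ID gets the data


def get_location_checked(user_id: str, token: Optional[str]) -> dict:
    """Corrected handler: verify the token and that it belongs to this ID."""
    if not token:
        raise AuthError("missing token")
    expected = issue_token(user_id)
    # Constant-time comparison; a token issued for another ID will not match.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        raise AuthError("token not valid for this user ID")
    if user_id not in LOCATIONS:
        raise AuthError("unknown user ID")
    return LOCATIONS[user_id]
```

A regression test for this class of bug requests one account's data with no token and with another account's token, and expects both to be refused.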

To sum it up, a device that is supposed to help parents keep track of their children and give them peace of mind can be turned into a surveillance device for bad actors. This lapse in security was found to affect users in Germany, Turkey, Poland, Mexico, Belgium, Hong Kong, Spain, the Netherlands, and China. There is a possibility that the number of affected people may be well over the previously estimated 5,000.

As much as this case might look like a one-off security lapse, the reality is far from it. We covered a similar recorded event earlier this year. Hence we think it is always important to consider the pros and cons of using such a device.

Source: HERE
