One year later: kids smart-watches are still a privacy and security dumpster fire

A year ago, the Norwegian Consumer Council commissioned a study into kids' smart watches, finding that they were incredibly negligent when it came to security and incredible greedy when it came to surveillance: a deadly combination that meant that these devices were sucking up tons of sensitive data on kids' lives and then leaving it lying around for anyone to take.


At the time, the manufacturers involved both denied any wrongdoing and simultaneously promised to improve anyway. A year later, no such improvements have arrived.

A new investigation by Pen Test Partners found that MiSafes's smart watches, aimed at kids 3-12 years old, could be used to track kids' locations, to covertly listen in on their conversations, and to fool kids by initiating calls that appeared to come from their parents.


The researchers found about 14,000 available MiSafe watches using internet search tools.


They found it was possible to:

*
trigger the remote listening facility of someone else's watch, with the only warning being that a brief "busy" message appeared before its screen returned to blank

*
track the wearer's current and past locations

* alter the safe zone facility so that alerts were triggered by a child's approach rather than their departure

Pen Test Partners also learned it was possible to bypass a feature supposed to limit the watch to accepting calls from only authorised parties.

The researchers did this by using a online "prank call" service that fools receiving devices into showing another person's caller ID number.

Consumer Advice: Kids GPS tracker watch security [Pen Test Partners]

MiSafes' child-tracking smartwatches are 'easy to hack' [Leo Kelion/BBC]