It's been a year and a half since the Norwegian Consumer Council commissioned a security audit of kids' "smart watches" that revealed that anyone on the internet could track the wearers, talk to them through their watches, and listen in on them; a year later, Pen Test Partners revealed that the watches were still leaking sensitive information, a situation that hadn't changed as of last week.
Now (finally!), the EU has had enough, and has announced the first-ever European recall over a product due to data privacy concerns, recalling the Safe-KID-One, manufactured by a Germany company called Enox.
Enox's products share a Chinese-hosted back-end with "dozens of brands."
"The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data," said authorities in the RAPEX alert. "As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed."
On top of this, authorities also said that "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."
EU orders recall of children's smartwatch over severe privacy concerns [Catalin Cimpanu/Zdnet]