This safety watch for kids has a serious security flaw
The MiSafe child safety smartwatch has a huge security flaw, as discovered by a team of researchers. Testing conducted on Misafe’s “Kid’s Watcher Plus” wearable revealed that, with easily accessible technology, anyone could gain access to the watch while it’s being worn.
According to the BBC, the security flaws mean that, among other things, someone can access a wearer’s live and former locations, call pretending to be a parent, and listen in to the sound input from the watch’s microphone.
The watch is meant to make things easier for parents to keep an eye on their child wherever they are. The Kid’s Watcher Plus operates using GPS and 2G, allowing the parents to track the child’s movements and make communication is so desired. These functions are all controlled via an app that installed onto a parent’s phone. One such feature is an “SOS” mode, which lets a child to press a button on the watch in case of distress. The device then sends an exact location to the parent’s phone, followed by sound recordings from the next 10 seconds.
The tests were conducted by Alan Monie and Ken Munro, two employees from the online security service Pen Test Partners. The pair began testing on the device when they noticed one of their friend’s children was wearing one. Subsequently, they realised the watches were easily accessible due to lack of encryption, telling the BBC that “It’s probably the simplest hack we’ve ever seen.”
The watch also lets parents to set ‘safe zones’ – for instance a nearby park or their school. If the child moves out of a safe zone, the watch will inform the parents. Monie and Munro told the BBC that hacking allowed them to change the parent-set safe zones if they so wished, essentially stopping notifications from being sent to a parent if their child wanders somewhere potentially unsafe.
The Norwegian Consumer Council stated these flaws have been identified in other child safety watches, but that the MiSafes appeared to be “even more problematic” than usual. The Council’s acting director of digital services, Gro Mette Moen, advises parents “refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”
Munro and Monie were also able to access a parent’s mobile number and use it to trick the child’s Watcher Plus into believing it’s been called by the parent. The BBC stated they then dug further and discovered that 14,000 MiSafes were actively in use.
When the BBC and the two Pen Test Partner employees tried to contact the watch’s makers to notify them of the issue they received no reply.
In the past, the devices were accessible on Amazon, however, they ceased distribution after running out of stock. The BBC was able to find listings on eBay, though. However, the products have been subsequently removed due to their potential spying capabilities, with a spokeswoman saying “we don’t allow the sales of these products on our marketplace.”
The demands of smartphones and technology on children is an issue in today’s society, and the introduction of these smartwatches could be a good solution. However, there are assuredly prerequisites for such products, and currently, they aren’t being met.