Story image

European Commission urges recall of children's smartwatch

05 Feb 2019

If you’ve been on a trip to Germany recently and picked up a few gifts for the family, you might want to take note if you happened to by the Enox Safe-KID-One smartwatch for children.

Despite ‘Safe’ being in the watch’s name, it’s actually anything but safe. In fact, the European Commission has gone as far as urging distributors to recall every single watch from anyone who was unlucky enough to buy it because it’s a ‘serious risk’.

Enox Group, the company behind the Safe-KID-One, describes the smartwatch as a high-tech GPS safety and surveillance watch that helps parents keep track of and talk to their children all the time.

“Through downloading of an app in your smartphone (QR Code included in the user Manual), you can locate and follow your kid – almost to the metre – on a GPS map in your Smartphone. You can, also, follow the route of your kid the last 30 minutes, 60 minutes etc, through recording and playback of movements,” a product sheet on the company’s website says.

The problem is, according to the European Commission, the smartwatch and its app are so unsecure that anyone could hack into the watch, track the child, or talk to them.

“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed,” says a statement.

“A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

It’s not so hard to see why that might be a problem – the watch’s inbuilt speaker and microphone could broadcast just about anything.

“The kid has 3 one-click phone call buttons; e.g. For mum, dad and grandma.” Furthermore, it has an SOS button on the watch, which does, by one click for 3 seconds, call or text all 3 parties. Only pre-listed parties can call the kid.”

If hackers got in and changed those numbers, suddenly mum and dad aren’t who the child thinks they are.

The European Commission adds that the watch doesn’t comply with the Radio Equipment Directive and any distributor that dealt with the Safe-KID-One should recall the product from end users.

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.