Story image

European Commission urges recall of children's smartwatch

05 Feb 2019

If you’ve been on a trip to Germany recently and picked up a few gifts for the family, you might want to take note if you happened to by the Enox Safe-KID-One smartwatch for children.

Despite ‘Safe’ being in the watch’s name, it’s actually anything but safe. In fact, the European Commission has gone as far as urging distributors to recall every single watch from anyone who was unlucky enough to buy it because it’s a ‘serious risk’.

Enox Group, the company behind the Safe-KID-One, describes the smartwatch as a high-tech GPS safety and surveillance watch that helps parents keep track of and talk to their children all the time.

“Through downloading of an app in your smartphone (QR Code included in the user Manual), you can locate and follow your kid – almost to the metre – on a GPS map in your Smartphone. You can, also, follow the route of your kid the last 30 minutes, 60 minutes etc, through recording and playback of movements,” a product sheet on the company’s website says.

The problem is, according to the European Commission, the smartwatch and its app are so unsecure that anyone could hack into the watch, track the child, or talk to them.

“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed,” says a statement.

“A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

It’s not so hard to see why that might be a problem – the watch’s inbuilt speaker and microphone could broadcast just about anything.

“The kid has 3 one-click phone call buttons; e.g. For mum, dad and grandma.” Furthermore, it has an SOS button on the watch, which does, by one click for 3 seconds, call or text all 3 parties. Only pre-listed parties can call the kid.”

If hackers got in and changed those numbers, suddenly mum and dad aren’t who the child thinks they are.

The European Commission adds that the watch doesn’t comply with the Radio Equipment Directive and any distributor that dealt with the Safe-KID-One should recall the product from end users.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.