Kids’ smartwatches are usually intended to help parents feel at ease that their children are safe when they’re not around. But as it turns out, a number of these devices may do more harm than good. A 49-page report on smartwatches for children (with the unfortunate title of #WatchOut) details all the ways in which they are a security nightmare.
The report, conducted by the Norwegian Consumer Council (NCC) and European security firm Mnemonic, analysed four kids’ smartwatches—Gator 2, Tinitell, Viksfjord, and Xplora. According the NCC’s report, two of the aforementioned devices were vulnerable to hackers, affording them the ability to remotely control the apps on the device. Through a breached device, the NCC says a hacker could access information on a child’s whereabouts in real-time, uncover their personal information, and even communicate with the child. What’s more, one of the devices could allow someone “with some technical knowledge” to discreetly listen to the child’s surroundings. Beyond these gross invasions of privacy, the Council said certain key features of these devices—an SOS button and a feature that alerts parents when kids leave virtual boundaries—were unreliable.
The report also notes issues regarding collecting user data—only one of the product’s terms and services allowed parents to opt in to or out of data collection. And one watch, the Xplora app, gave up children’s data to marketers, the NCC said. Three other watch makers did not specify how they use the data they collect.
The state of smartwatches made for kids is so disconcerting that the European Consumer Organisation (BEUC) recently made a public service announcement warning consumers that the devices are not secure. Director General of BEUC Monique Goyens said in a press release that “these watches should not find their way into our shops.”
“Parents buy them to protect their children. However, they are probably unaware that instead of protecting them they are making their children more vulnerable,” Goyens continued in the press release. “The EU urgently needs to regulate mandatory security standards for connected products. Producers should immediately fix these flaws or they should find their products withdrawn from the market.”
These poorly protected smartwatches just scratch the surface of the horrifying world of internet-connected children’s toys. Security researchers discovered in 2015 that Mattel’s Hello Barbie, a smart doll that uses voice recognition to talk to your kids, could be hacked to spy on your children. The backlash against Mattel’s other effort to get a microphone into the playroom—in the form of an “Alexa for kids”—was so bad, the company cancelled it altogether. And in Early 2016, the company behind another kids’ smartwatch, the crowdfunded HereO, was accused of improperly securing kids’ data. The FBI even issued a PSA this month warning consumers of the privacy and security problems they face when purchasing an internet-connected device. You know what can’t be hacked and turned into a surveillance device? Play-doh. [Business Insider, Bleeping Computer]