A Smartwatch for Kids Just Exposed the Location of Over 5,000 Children

1 minute read
| News

The Chinese SMA-WATCH-M2 was recently caught exposing personal data like location of over 5,000 children and their parents.

SMA-WATCH

This watch works with a companion app that parents can download on their phone. They can use the app to track the kids’ location, make voice calls, and receive an alert if a child leaves their designated area. Maik Morgenstern, CEO and the Technical Director of AV-TEST said that this is one of the most insecure products on the market.

Map of device locations

Map of device locations. Credit: AV-TEST

For example, the smartwatch’s server can be queried using a publicly-accessible web API. This is the server that connects the watch to the app. Any third-party can also easily substitute the authentication token with one of their own because the server doesn’t verify it. This means an attacker could use the API to collect user IDs and other data.

Or, an attacker could install the app on their own phone, change the user ID in the app’s configuration file, and pair the phone with a kid’s watch without needing the parent’s account login.

Most of the kids were located throughout Europe, in countries such as the Netherlands, Poland, Turkey, Germany, Spain, and Belgium, but the AV-TEST CEO says they’ve also found active smart watches in China, Hong Kong, and Mexico.

SMA has been contacted with these findings, but Mr. Morgenstern didn’t share how the company reacted, and noted the watch is still for sale.

Further Reading:

[Why Teaching Privacy to Your Kids is Important]

[Hurry, Pixelmator Photo on iPadOS is Free Right Now]

2
Leave a Reply

Please Login to comment
2 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
wab95geoduck Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
wab95
Member
wab95

‘ SMA has been contacted with these findings, but Mr. Morgenstern didn’t share how the company reacted…’

Anonymous sources with knowledge of the situation report that the head of janitorial services was overheard shouting, ‘We need the cleanup crew in the board room with some pooper scoopers asap!’

geoduck
Member
geoduck

Just the perfect way to teach your children to accept constant surveillance and spying by a higher power. It’s all good if those in charge say it’s for your protection, for “safety”.