Smartwatches for kids are at risk from hacking says new report

One retailer decides to stop selling one of the watches under scrutiny
Kids smartwatches are at hacking risk

Where there is tech there is always the potential that its security could be breached and it appears kids smartwatches are not immune from the possibility of being hacked.

That's according to the Norwegian Consumer Council (NCC) who carried out tests on four smartwatches designed for children. The watches have features that include real-time location tracking and two-way phone calls with select contacts.

Essential reading: How to choose the right GPS kids tracker

The NCC included the Gator 2, Tinitell, Viksfjord and Xplora smartwatches in its testing and found that hackers could exploit security holes in three of the watches allowing them to talk to the kids wearing them and even spoof their location letting parents think they are actually somewhere else. A main cause for concern was the fact that these devices were transmitting and storing data without encrypting the information first (doh).

The report also highlighted the Gator's SOS function, which the NCC believed was poorly implemented adding that alerts these devices transmitted when a child left a permitted area were also unreliable.

Of the four watches, the Tinitell, which offers more limited features, was the only one deemed not a security risk for kids with no security vulnerabilities discovered. Tinitell has issued a statement stating that it has further clarified its privacy policy but has not needed to make any hardware or software changes whatsoever.

Two of the companies have moved swiftly to address the issues raised in the report with Techsixtyfour, the makers of the Gator smartwatch stating that it had moved its data to an encrypted server to prevent the possibility of hacking. That has however not stopped UK retailer John Lewis from acting in response to the findings and withdrawing one of the smartwatches featured in the test in response to the watchdog report.

We have since received a statement from Techsixtyfour's founder and CEO Colleen Wong in reaction to the NCC Report and it says the following:

"Since we started the company in September 2015, there have been no security breaches made known to me, members of my team or any partners that we work with directly.

A report by the Norwegian Data Protection Authority was sent to us on 13 September 2017, advising us of potential and specific vulnerabilities that had been found in the software used on the Gator Watch. After assessing the contents of the report, we took immediate steps to address every potential issue or vulnerability mentioned.

We have since been working on patches and taking action to ensure that these vulnerabilities are fixed. The changes implemented will result in a complete overhaul of the app. We expect this work to be completed by the end of October 2017 and have been working every day, with all the resources available to us, to ensure this is done quickly and effectively.

We do want to reiterate that no breach has ever taken place and no personal information has ever been taken by third parties as far as we aware of in the UK or abroad. We are taking this pre-emptive action unilaterally."

While GPS-packing smartwatches for kids are still very much a niche in most countries, they have proved pretty popular in Asia. Security should of course be a priority for all wearables whether it's an Apple Watch or a Tinitell watch, but it feels like there is an even greater responsibility to get it right when you start handing these devices to the little ones. Hopefully this report will be the wake up call for other makers of kids wearables to get their act together.

Source: BBC

smartwatches for kids hacking risk


Hot Black Friday week deals on Amazon

Fitbit Flex 2
Fitbit Flex 2
$59.95
Fossil Q
Fossil Q
$108.50
Apple Watch Series 2
Apple Watch Series 2
$320.59
Garmin Vivosmart HR
Garmin Vivosmart HR
$76

Wareable may get a commission



What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.