Be careful around smartwatches designed for children. Not all are built with security in mind, according to a Norwegian consumer watchdog group.
In tests of smartwatches sold internationally, the Norwegian Consumer Council found that three products contain security flaws, making them easy to hack. These bugs could allow a hacker to secretly spy on a child's location, listen to voice messages, or pull name and phone number information on the device, the group said. "These watches have no place on a shop's shelf, let alone on a child's wrist," it added.
The three watches tested were the Xplora, which has over 350,000 users, the Gator 2, and the Viksfjord, a product that's been sold under different names across the world.
All three can make and receive phone calls, and activate by connecting to the vendor's mobile app, which can be installed on a smartphone or tablet.
To test the products, the council tapped a security firm called Mnemonic. It found that stealing user account access to a Gator 2 and Viksfjord watch was possible if the attacker had the device's IMEI number, which is usually found on the back, but can also be obtained online.
Knowing the IMEI number allowed researchers at Mnemonic to view the location data, edit the phone numbers, and control voice messages on the Gator 2 watch. For the Viksfjord, it gave researchers full remote access to the watch itself.
"Even if users stop using the watch completely, there is no functionality available to delete accounts or account history," the researchers wrote in their report.
The researchers also stumbled on a vulnerability with the Xplora watch that allowed them to view information from other Xplora users, including location data, names, and phone numbers.
Recommended by Our Editors
To prevent hackers from piggybacking on their research, Mnemonic isn't disclosing all the details to the security flaws. But the findings aren't really a surprise. Over the years, many internet-connected products, such as smart toys, have been found built with little attention to security or users' privacy.
The three smartwatch makers didn't immediately respond to PCMag's request for comment, though they tell the council that some of the security flaws have now been fixed. Nevertheless, the group is recommending that consumers refrain from buying these watches until they are found to be secure.
"Consumer organizations in Europe and the US will also be pursuing our findings," the watchdog group added.
Apple Watch Series 3 Review
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
