Smartwatches disclosing children’s location

30th May 2018

 

The popularity of smart children’s watches is increasing every day. These watches allow parents to keep track of the current location of their children. Most vendors allow for  parents to retrieve this information using a mobile app. Apart from the location, most of the vendors offer parents the possibility to send text messages to the smartwatch and initiate a call. Sometimes it is even possible to start a call without confirmation from the watch itself, which makes it possible for parents to secretly listen to a child’s environment. Therefore, Germany banned the devices.

 

These watches collect sensitive information, such as locations and store it centrally, so parents know where their kids are when wearing the smartwatch. DearBytes decided to dive into some of the smartwatches to identify whether these devices keep the data safe. We picked some random children’s smartwatch apps and started to investigate them. Early on in the research, we discovered a vulnerability in the hellOO smartwatch cloud environment. The vulnerability allows attackers to keep track of all the location history retrieved from smartwatches that were sold by hellOO. Later in the investigation we determined that other resellers of the same product were affected by our vulnerability as well. The smartwatches are used by users from at least 13 different countries. This is how it works:

 

Full Article.

 

Take a look at the best antivirus, anti-malware, anti-spy, etc. software

Powered by WPeMatico

This entry was posted in anti-malware and tagged , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Comments are closed.