In February 2019, approximately 16% of U.S adults owned a smartwatch, which was up from 12% only a couple months prior. Here we are in December 2019 and the percentage has grown exponentially, now 1 in 10 American adults are expected to own a smartwatch in 2020.
There’s even a market for Children’s smartwatches, however we recommend triple checking their security features before allowing your child to wear one.
Why? Because It’s not just parents who have the ability to talk to their child through these devices.
“Security researchers have discovered serious vulnerabilities with a series of children’s’ smartwatches. Potential hackers can use these security flaws to take over the devices and essentially track children and have conversations with them.”
The three types of smartwatches that have this vulnerability are also sold on Amazon; GreaSmart, Jsbaby, and Smarturtle. All cost less than $40.00, and all are marketed as tracking devices to keep tabs on kids and allow the parents to send messages and phone calls to their children.
The security team Rapid7 realized the fatal flaw, while the device is only supposed to be contacted by phone numbers approved through a whitelist, the filter is defective. This allows any number to reach out to the watch.
There is another terrifying aspect to this security glitch, the watches can accept configuration commands through texts, meaning the settings can be changed through a single message. “You can identify where the phone or the child is, you can gain access to audio, or make phone calls to children,” said Deral Heiland, Rapid7’s IoT research lead.
The software in all three children’s smartwatches is the same, leaving them open to these vulnerabilities, and leaving children open to potentially dangerous situations.
Another fatal flaw? Passwords.
All three watches had the default password: 123456. The device doesn’t explain how to change the password, or even that a password exists, so a parent changing this password is highly unlikely. Armed with the knowledge of password 132456 and a simple text message, hackers can take over these devices and even pair them with their own smartphones.
There’s also no way to contact the manufactures, so there’s no way to fix the vulnerabilities.
When shopping for a new gadget this holiday season, we recommend avoiding these entirely.
If you need assistance with your business cybersecurity needs, contact DarkHound at [email protected]
Image Source: https://unsplash.com/photos/iDCtsz-INHI