New research reveals alarming security flaws in smartwatches for children

PRESS RELEASE - 18.10.2017

Children smartwatches, on sale in many European countries, pose massive security risks. published today by Forbrukerrådet, the Norwegian member organisation of BEUC, has revealed that strangers can seize control of the tested watches and use them to track and eavesdrop on children.

 

These watches allow parents to communicate with their child through their mobile phone function and stay up-to-date about the child’s location via the app.

The findings again showcase that the growing presence of internet-connected products may come with new and very serious risks for consumers’ security. They also often disregard basic consumer and data protection rights.

The research in particular revealed:

  • Security flaws: in a few simple steps, a stranger can take control of the watch and track, eavesdrop on and communicate with the child. They will be able to track the child as he or she moves or make it look like the child is somewhere else. The data is transmitted and stored without encryption.
  • False sense of security: the SOS button is unreliable and hackers can circumvent the requirement to be on the list of trusted phone numbers.
  • Illegal or non-existent terms and conditions: some of the apps associated with the watches lack terms and conditions.
  • Personal data protection flaws: it is not possible to delete your data or user account.

Monique Goyens, Director General of BEUC, commented:

“These watches should not find their way into our shops. Parents buy them to protect their children. However, they are probably unaware that instead of protecting them they are making their children more vulnerable.

“The EU urgently needs to regulate mandatory security standards for connected products. Producers should immediately fix these flaws or they should find their products withdrawn from the market.

“Products which are connected to the internet are everywhere. Unfortunately, some producers seem to turn a blind eye to basic security and privacy standards in their rush to market such products. Market surveillance authorities should make sure that such products never reach the market in the first place.”

 

Notes:

  • Forbrukerrådet tested the Gator 2, Tinitell, Viksfjord and Xplora watches. Other models similar to those who were tested are being sold under different names. They have been for sale in – among other countries – Norway, Sweden, Denmark, Germany, the Netherlands, the United Kingdom, France, Belgium and Italy.
  • English language from Forbrukerrådet.