Safety concerns over children’s connected toys are nothing new. Wi-Fi enabled dolls such as My Friend Cayla and Barbie were found to be vulnerable to hackers, while smart Fisher-Price toys and HereO watches also featured dangerous security holes, all of which have since been patched. Now, a watchdog has warned that more smartwatches aimed at kids could be easily compromised.
The Norwegian Consumer Council (NCC) tested several of these child-friendly watches, including ones from Gator and GPS. They let parents monitor their kids’ locations (via a smartphone app) and can even make phone calls to a limit set of numbers. The devices also feature an SOS button and geofencing capabilities that send alerts if a child leaves a certain area.
But the NCC and security firm Mnemonic found that their poor security allowed hackers to track wearers, spoof a child’s location, listen in on conversations, and compromise the emergency button.
It was also discovered that some of the watches didn’t encrypt stored and transmitted data, making it much easier for hackers to access the information. Consumer rights watchdog Which? called the devices “shoddy,” adding that parents would be “shocked” if they knew the vulnerabilities they contained.
The Gator 2, Tinitell, Viksfjord, and Xplora watches were tested, but researchers say others could be vulnerable. UK retailer John Lewis has announced it will be removing a different version of the Gator watch from sale "as a precautionary measure" while awaiting "further advice and reassurance from the supplier."
GPS for kids said it has now addressed the security flaw and will be offering existing customers an upgrade. Gator, meanwhile, said it had moved its data to a new, encrypted server and was creating a more secure app for its customers.
“Consumer products are increasingly being connected to the internet and this is resulting in an unprecedented level of data being generated, collected, and processed. It is imperative to be aware of the threats that such products may open up to if security is not prioritized. We commend the Norwegian Consumer Council for bringing this forward”, said Harrison Edward Sand, lead investigator of the technical security assessment.