November 15th 2018
The MiSafes Kid’s Watcher Plus location-tracking smartwatch has been found by security researchers to be lacking in basic security – posing potential dangers to the thousands of children who wear it, according the BBC.
Pen Test Partners’ Ken Munro and Alan Monie have found that the watch neither encrypts the data it uses nor secures each child’s account, and recommend that the product be discarded.
The watch – which was introduced three years ago – enables parents to track their child’s movements, receive alerts if they leave a ‘safe zone’ they have set up and listen in on what their child is doing at any time, all via a mobile app. They can also make two-way calls. It uses a combination of GPS and a 2G mobile connection.
However, the poor security means that easily-available PC software can be used to mimic the app’s communications, change the assigned ID number and gain visibility of the personal information used in product registration including the child’s photograph, name, gender, date of birth, height and weight, parents’ phone numbers and the phone number assigned to the watch’s SIM card.
These are all details which would be of interest to both paedophiles and cybercriminals. The researchers found that they were also able to trigger the remote listening facility of someone else’s watch, track the wearer’s current and past locations and change the safe zone facility, triggering an alert when the child approaches, rather than leaves it. They could also bypass a feature meant to limit the watch to accepting calls from only authorised parties.
The BBC found that in the UK, Amazon had previously sold the watches but have not held stock for some time,.whilst eBay said that they had been removed on the grounds on an existing ban on equipment that could be used to spy on others’ activities without their knowledge. The Norwegian Consumer Council’s Acting Director of Digital Services Gro Mette Moen said: “This is another example of unsecure products that should never have reached the market.”
Neither the product’s manufacturer nor a China-based company listed as the product’s supplier have responded to BBC requests for comment.
This is the second time this year that MiSafes has been in the news for poor security after an Australian researcher uncovered several flaws with its Mi-Cam baby monitors.
Get Safe Online’s Tim Mitchell said: “We always warn consumers about the importance of security on internet-connected products, but this instance is particularly poor as ironically, a product advertised to help children safe is the very thing that could place them in danger.”
Mitchell continued: “Even a look at the website might make you think twice about the company’s integrity, as it’s littered with poor spelling and grammar and doesn’t even seem to contain contact details.
“With the increasing number of internet-connected toys and other products such as baby monitors and cameras, parents should take a long hard look at what they’re buying and how they’re setting them up.”