Consumer watchdog: Child safety smartwatches are simple to hack

18 Oct 2017

Smartwatches for kids may not be as safe as they say. Image: Olena Yakobchuk/Shutterstock

Together with security firm Mnemonic, the Norwegian Consumer Council has uncovered alarming security flaws in children’s smartwatches.

Parents who have purchased smartwatches for their children to ostensibly monitor their safety may want to reconsider the move following the release of a concerning report from the Norwegian Consumer Council (NCC).

The NCC’s director of digital policy, Finn Myrstad, described the issues found as “very serious”. He warned that “these watches have no place on a shop’s shelf, let alone on a child’s wrist”.

The NCC tested the Gator 2, Tinitell, Viksfjord and Xplora smartwatches, with other models similar to those tested being sold under different monikers. The NCC found that Tinitell smartwatches “performed consistently better than the other watches in our test, but it also offers fewer features than its competitors”. The council is referring other makers to the Norwegian Data Protection Authority and Consumer Ombudsman, saying that the watches breach EU law.

The unsafe smartwatches can be overtaken by a stranger in a series of simple steps to track, eavesdrop on and communicate with the child. They can also make the child’s location look different to where they really are, and some of the data is not encrypted.

According to the BBC, British retailer John Lewis has withdrawn at least one of the watches from sale and consumer rights group Which? also criticised the design of the watches. The manufacturers have said they are taking steps to fix the issues, but is it too little, too late?

Unsafe products putting people at risk

Myrstad said: “We are seeing how many internet-connected products fail to comply with consumer and data protection laws, in addition to basic security standards.

“The industry and the authorities both have a responsibility for ensuring that consumers are not put at risk by unsafe products.”

He recommended refraining from buying such smartwatches and returning purchased items to the seller, citing the security failings, poorly implemented features and potential breaches of child safety that these products could enable.

The NCC report described the smartwatch market as “chaotic and somewhat immature”. It continued: “The vast variety of products being imported and sold under different names also makes it exceedingly difficult to understand who is responsible for any problems with the devices or apps.”

“The large number of disconcerting and potentially critical technical flaws discovered by Mnemonic further exacerbates these issues.”

Updated, 8.27am, 19 October 2017: This article was updated to clarify that although Tinitell was one of the smartwatch brands tested by the NCC, it has not been referred to the Norwegian Data Protection Authority.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com