Children’s smartwatches sold on Amazon let strangers spy on them, researchers warn
Flaw allows hackers to take over the voice chat function in order to talk directly to the watch’s wearer
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Amazon is selling children’s smartwatches containing serious security flaws that allow hackers to spy on anyone wearing them, according to a new investigation.
Cyber security researchers at Rapid7 discovered vulnerabilities in three different brands of watches purchased from Amazon, all of which are designed for children.
Simply by knowing the phone number associated with one of the devices, attackers could take control of them remotely in order to track a child wearing it through the inbuilt GPS function.
Hackers could even take over the voice chat function in order to talk directly to the watch’s wearer.
“It is possible that an attacker with knowledge of the smartwatch phone number could assume total control of the device, and therefore use the tracking and voice chat functionality with the same permissions as the legitimate user (typically, a parent),” Tod Beardsley, director of research at Rapid7, wrote in a blog post detailing the issue.
The three devices mentioned in the investigation – Children’s SmartWatch, G36 Children’s Smartwatch and SmarTurtles Kid’s Smartwatch – range in price from £20 to £35 and appear to lack any form of privacy policy.
Amazon did not immediately respond to a request for comment from The Independent, but at the time of writing two of the three watches remained available for purchase through the online retail giant.
“Consumers who are concerned with the safety, privacy, and security of their IoT [Internet of Things] devices and the associated cloud services are advised to avoid using any technology that is not provided by a clearly identifiable vendor,” Mr Beardsley warned.
It is far from the first time that security experts have warned about the dangers of internet-connected devices used by, or around, children.
In 2016, a US consumer watchdog launched an investigation into four separate baby monitor device companies suspected of compromising the safety of children.
New York's Department of Consumer Affairs warned that hackers were using smart baby monitors to spy on sleeping babies, citing one example of a couple in Indiana hearing a stranger making sexual noises through their baby's monitor.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments