Cyber security is becoming an issue we see again and again. One great example being Facebook and how it keeps having issues. Like how just last month we saw that Facebook on iOS secretly accesses your phones camera. Fortunately for Facebook's public image, this time, it's not them. Instead, it's the Chinese company called Shenzhen Smart Care Technology that has released a kids smartwatch that can show the child's real time location. HOw dangerous is that?
This smartwatch is called the SMA-WATCH-M2 and has been exposing about 5,000 children's data. This includes their location, name address, age, images and voice messages. Not only this, but the data is being saved on the firm's unencrypted servers.
Children's data is being saved. The data isn't encrypted. What's next? This data can also be unauthorizedly obtained. So for anyone who wants to misuse such data, they don't have to put much elbow grease into it. It was also found that a configuration file could be used to get data of any user ID the attacker enters without being asked for any credentials. Someone who wants to exploit this issue could label themselves as the child IDs parent and see the child's data an their current location.
Wouldn't a parent or child get a notification if a new parent came out of the blue? Not at all. I'm sure someone out there is creating a conspiracy to go with this company as you read this...
AV-TEST has tested these flaws (as the company name suggests) and managed to to get the location of a child using the kids smartwatch - Anna from Germany.
There is a lack of regulatory compliance that is imposed upon these Chinese firms. According to AV, they have informed Shenzhen Smart Care Technology of this issue but it still persists. This is obviously a serious threat to the children's physical safety so we hope that this issue gets sorted fast. If you know anyone / anyone's child that may have this smartwatch, tell the parent about it to ensure the child's safety if the vulnerability is ever exploited.