Smartwatch for Your Kids? Beware!

This article was written for Peak Prosperity by Terence Kam, founder and cybersecurity consultant at iSecurityGuru.com. You can follow his company on LinkedIn. Or subscribe to his writings on Medium, where he writes on a wider variety of topics.
I remember when I was a kid, I wished for a Dick Tracy type of communication device that looked like a wristwatch. Whenever the comic hero wanted to talk to someone, he could lift his arm and talk through his watch.

Today, such a technology exists. Smartwatches now function as smartphones. They can make video calls, send and receive text messages, take pictures and so on. Parents can communicate with and even track their kids’ physical locations. Best of all, smartwatches are cheap. You can get them for under $100, and they look colorful and cool. Since Christmas is coming, why not stuff some stockings with the device?

Well, if you are a parent, think again.

Dr. Web Antivirus just released research on smartwatches for kids. The website pulled apart and analyzed several popular models. I won’t repeat their article here, but based on the research, here are some general principles to keep in mind.


All smart devices “phone home”

Every computer, smartphone, tablet, smartwatch and other “smart” device that connects to the Internet will “phone home”. Your Windows and Mac computers, iPhones and Android phones all talk to Apple, Microsoft and Google to provide the “smart” functionality. That is to be expected. There is no question about that.

But what differentiates a trusted smart device from a malicious one is whether you trust the software code running inside it, as well as the server it “phones home” to.

Can smart devices update their own software securely?

As I wrote in Top 10 Things You Must Do to Avoid Getting Hacked:
The IT industry has not figured out how to write secure code. Every time hardware and software vendors release new products, more lines of computer code are released as well. More lines of code mean more cybersecurity holes. That means there are always holes to be patched. Worse still, there are always massive backlogs of holes to be found and patched. For example, even today, Microsoft is still finding holes in code written a dozen years ago in their latest Windows operating system! Therefore, vendors are always on the never-ending treadmill of releasing patches for security holes in their code. You will need to be always up to date with the patches to be secure.
All responsible device manufacturers must provide a means to update the software running inside their devices. The question is whether the update mechanism is secure or not. If the update mechanism is not secure, then incidents like this can happen:
Passwordstate, the enterprise password manager offered by Australian software developer Click Studios, was hacked earlier this week, exposing the passwords of an undisclosed number of its clients for approximately 28 hours. The hack was carried out through an upgrade feature for the password manager and potentially harvested the passwords of those who carried out upgrades.

On Friday, Click Studios issued an incident management advisory about the hack. It explained that the initial vulnerability was related to its upgrade director—which points the in-place update to the appropriate version of the software on the company’s content distribution network—on its website. When customers performed in-place upgrades on Tuesday and Wednesday, they potentially downloaded a malicious file, titled “moserware.secretsplitter.dll,” from a download network not controlled by Click Studios.


What Dr. Web Antivirus discovered is that some of these smartwatches employ dodgy code to perform software updates. Dr. Web calls this code “malicious”, probably because it is used by malicious software to update itself. Dr. Web also found that the code transmits a lot of information to unknown servers, including:

  • Your child’s geolocation
  • Mobile phone number of the smartwatch
Will you be comfortable with these two pieces of information about your child being sent to unknown servers?

Do these smart devices know anything about cybersecurity?

Some of these smart devices practice extremely poor cybersecurity:
  1. For example, some send your child’s geolocation data to their server unencrypted. For parents to know the location of their child, the smartwatch transmits the child’s geolocation to a server. Even if you can trust the server it transmits the information to, will you be comfortable with it being transmitted unencrypted?
  2. Another example: some of these smartwatches utilize default passwords. Default passwords are VERY bad for cybersecurity. Firstly, they are publicly known information. Next, we cannot expect every parent to be tech savvy enough to change the default passwords. Default passwords are such a bad idea that the UK recently made them illegal. That is, if manufacturers of internet-connected devices utilize default passwords, they run the risk of legal penalties.
  3. Some of these smartwatches can be controlled merely by sending text messages to them. If hackers know the phone number of the smartwatch and the password, they can control it. Since there is a high chance that parents have not yet changed the default password (which is publicly known information), their kids’ smartwatches are open to the control of hackers.
  4. Even if the hacker does not know the password, there is a loophole. The hacker can query the parent’s mobile phone number and use this information as an exploit to change the smartwatch password. Dr. Web Antivirus did not provide details of how it can be done. But I bet it involves the spoofing of the parent’s mobile number. As I wrote in this article, it can be done easily.
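
To make point 1 concrete, here is an added example (not from the original article or from Dr. Web's research) of how a tester could check a capture of their own device's outbound traffic for geolocation or a phone number sent in the clear. The sample payloads, field names and host are constructed for illustration.

```python
import re

# Constructed sample payloads: the first bytes of three outbound packets
# as a capture tool might show them (not real device traffic).
SAMPLES = {
    "tracker-a": b"POST /loc HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
                 b"lat=-33.8688&lon=151.2093&msisdn=+61400000000",
    "tracker-b": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32),
    "tracker-c": b"\x17\x03\x03\x00\x20" + bytes(range(32)),
}

# TLS record types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}
MAX_TLS_RECORD = 16384 + 2048
# Two decimal numbers close together, e.g. "lat=..&lon=.." or "x.xxx,y.yyy"
COORD = re.compile(rb"(-?\d{1,3}\.\d{3,})\D{1,12}?(-?\d{1,3}\.\d{3,})")
PHONE = re.compile(rb"\+\d{8,15}")


def looks_like_tls(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= MAX_TLS_RECORD)


def cleartext_findings(payload: bytes) -> list[str]:
    """Name the sensitive fields readable in a payload that is not TLS-wrapped."""
    if looks_like_tls(payload):
        return []
    found = []
    for m in COORD.finditer(payload):
        lat, lon = float(m.group(1)), float(m.group(2))
        if -90 <= lat <= 90 and -180 <= lon <= 180:  # valid coordinate range
            found.append("geolocation")
            break
    if PHONE.search(payload):
        found.append("phone number")
    return found


def audit(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each captured payload to the sensitive fields visible in cleartext."""
    return {name: cleartext_findings(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(name, "->", ", ".join(findings) or "no cleartext leak seen")
```

A TLS record header only shows that the traffic is wrapped; it says nothing about whether the device validates the server's certificate or whether the server itself can be trusted.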

Conclusion

Kids’ smartwatches are cheap. But you get what you pay for. Manufacturers of cheap smartwatches use their expertise to produce great devices at low cost. But, they don’t possess the cybersecurity expertise and financial resources to make a safe, secure and private device. Thus, they are vulnerable to poor cybersecurity practices and cyberattacks.

If you want to buy a smartwatch device for your kids, it is better to stick to manufacturers with a cybersecurity track record. The safest bet is to buy from well-known brands like Apple and Google. For Google, if you are uncomfortable with their business model of collecting information/data about you, then Apple is your best choice. You can also consider other big brands like Samsung and Garmin. Basically, stay away from those cheap unknown manufacturers.

This is a companion discussion topic for the original entry at https://peakprosperity.com/smartwatch-for-your-kids-beware/

Terence (iSecurityGuru),
Could you please identify what makes “smart” devices, well…smart?
You see, in my mind, “smart” really means latent.
Is “smart” device latency something that can be manually disabled for the owner/proprietor of said device? Like with a screwdriver and soldering iron?
The Jetsons never clicked with me, so the real question becomes, “Why buy smart devices, whatsoever?” Too lazy to turn on/off a light switch?
Obviously, so that Alexa and Siri can sing amongst the coming soft rains.

4 Likes

Edward Snowden in an interview said something along the lines of, to people who ask what the big deal with data privacy is, what data they have of you now may not get you in trouble, but laws and culture change, as well as laws concerning their access to your data and how it can be used in court against say, domestic terrorists. Sound familiar?

5 Likes

It’s what happens when new technology is marketed to create an artificial need for it, instead of the more logical route of first having a need and then developing technology to fill it.
 

2 Likes

Besides security, something often overlooked is how pulsed modulated microwave radiation affects our health - especially in this continuous onslaught. Something the wireless industry and pharma have in common is they get away with capture of regulators, academia, media, the narrative, and the public consciousness, while harms and industry collusion around things like pesticides are well understood and acknowledged. I don’t know exactly how much is emitted by smartwatches, but they’re next to the body for long periods of time, and children are more sensitive. These are some good sites for info on how non ionizing radiation causes harm, and the industry gaslights, claiming only ionizing radiation is harmful, and saying that as long as it’s within the (way too high, created by scientific fraud in 1991, and recently found by the DC Circuit Court of Appeals to be baseless), FCC exposure limit, then it’s all good … but that’s as true as “safe and effective” … https://mdsafetech.org/problems/industry-influence-in-science/ https://ehtrust.org/ https://microwavenews.com/ https://wearenotsam.com/home/

4 Likes
...instead of the more logical route of first having a need and then developing technology to fill it.
CIA Chief: We'll Spy on You Through Your Dishwasher
"Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters -- all connected to the next-generation internet using abundant, low-cost, and high-power computing," Petraeus said, "the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing."
3 Likes

Nope.
It has been here since 1948/“1984”.
Only the technology has tremendously improved to make it hidden from the “cattle”.
“The Cabal” has been working towards this Global Dominion for thousands of years.
Once they have completely destroyed the West, any further opposition will be zilch.

1 Like

This is a good piece! Thanks!
