![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
- Joined
- Mar 3, 2018
- Messages
- 1,713
The BBC reports that a location tracking watch "worn by thousands of children" can be easily infiltrated by anyone with internet access. While the BBC report calls it "easy to hack", and is light on technical details, the security researcher's own words make it sound even worse. Ken Muro said "The big problem is there is no security. Anyone on the internet can access the position of your child wearing one of these watches. It's really so easy, probably the easiest hack we've ever seen." The BBC says that the watches are no longer listed on Amazon UK, and I can't find any for sale in the U.S either. However, MiSafes has a number of smart cameras and other child "security" products listed on Amazon, and some of them have accumulated quite a few reviews. Some of those cameras reportedly have critical security issues too. So, if you're shopping for this sort of thing this holiday season, you might want to think twice before buying anything from MiSafes.
They found it was possible to: trigger the remote listening facility of someone else's watch, with the only warning being that a brief "busy" message appeared before its screen returned to blank, track the wearer's current and past locations, [and] alter the safe zone facility so that alerts were triggered by a child's approach rather than their departure. Pen Test Partners also learned it was possible to bypass a feature supposed to limit the watch to accepting calls from only authorised parties. The researchers did this by using a online "prank call" service that fools receiving devices into showing another person's caller ID number.
They found it was possible to: trigger the remote listening facility of someone else's watch, with the only warning being that a brief "busy" message appeared before its screen returned to blank, track the wearer's current and past locations, [and] alter the safe zone facility so that alerts were triggered by a child's approach rather than their departure. Pen Test Partners also learned it was possible to bypass a feature supposed to limit the watch to accepting calls from only authorised parties. The researchers did this by using a online "prank call" service that fools receiving devices into showing another person's caller ID number.