The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.
The EC alert provides little detailed information, merely saying, “The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.
A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”
Such potential is alarming under any circumstance, but particularly concerning where children are concerned.
According to the BBC, ENOX considers the recall to be ‘excessive’. The company’s founder, Ole Anton Bieltvedt said that the watch had passed tests carried out by German regulators last year allowing it to be sold. It has appealed the ruling. However, in November 2017, the German telecoms regulator banned the sale of smart watches to children, saying they violated Germany’s strict surveillance laws.
It had found the watches to be unauthorized transmitters capable of surreptitious child monitoring, and had even been used by parents to listen to teachers in the classroom.
“This is yet another example of IoT devices being rushed to market without proper consideration of privacy,” said Cesar Cerrudo, CTO at ethical hacking company, IOActive. “We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly. While they may get the upper hand in beating the competition to get products to market, they lose out in the long run. Fines and the reputational damage — and in this case product recalls — can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an after-thought.”
At the time of writing this, the Safe-Kid-One smart watch was still apparently available from several on-line distributors.
Related: The Second War of Independence: Wearables vs. Security
Related: IoT Malware Will Soon Surround Us: Researcher
Related: Communications Between Smartwatches and Phones Exposed to Hack Attacks
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign
- Quantum Decryption Brought Closer by Topological Qubits
- IBM Delivers Roadmap for Transition to Quantum-safe Cryptography
- CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief
- Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack
- Open Banking: A Perfect Storm for Security and Privacy?
- Apiiro Launches Application Attack Surface Exploration Tool
- Phylum Adds Open Policy Agent to Open Source Analysis Engine
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
