Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Smart Watch Recalled in Europe Over Privacy Risks

The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.

The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.

The EC alert provides little detailed information, merely saying, “The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.

A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

Such potential is alarming under any circumstance, but particularly concerning where children are concerned.

According to the BBC, ENOX considers the recall to be ‘excessive’. The company’s founder, Ole Anton Bieltvedt said that the watch had passed tests carried out by German regulators last year allowing it to be sold. It has appealed the ruling. However, in November 2017, the German telecoms regulator banned the sale of smart watches to children, saying they violated Germany’s strict surveillance laws.

It had found the watches to be unauthorized transmitters capable of surreptitious child monitoring, and had even been used by parents to listen to teachers in the classroom.

“This is yet another example of IoT devices being rushed to market without proper consideration of privacy,” said Cesar Cerrudo, CTO at ethical hacking company, IOActive. “We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly. While they may get the upper hand in beating the competition to get products to market, they lose out in the long run. Fines and the reputational damage — and in this case product recalls — can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an after-thought.”

At the time of writing this, the Safe-Kid-One smart watch was still apparently available from several on-line distributors.

Advertisement. Scroll to continue reading.

Related: The Second War of Independence: Wearables vs. Security 

Related: IoT Malware Will Soon Surround Us: Researcher 

Related: Communications Between Smartwatches and Phones Exposed to Hack Attacks

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

ICS/OT

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.

IoT Security

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products.