Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Smart Watch Recalled in Europe Over Privacy Risks

The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.

The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.

The EC alert provides little detailed information, merely saying, “The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.

A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

Such potential is alarming under any circumstance, but particularly concerning where children are concerned.

According to the BBC, ENOX considers the recall to be ‘excessive’. The company’s founder, Ole Anton Bieltvedt said that the watch had passed tests carried out by German regulators last year allowing it to be sold. It has appealed the ruling. However, in November 2017, the German telecoms regulator banned the sale of smart watches to children, saying they violated Germany’s strict surveillance laws.

It had found the watches to be unauthorized transmitters capable of surreptitious child monitoring, and had even been used by parents to listen to teachers in the classroom.

“This is yet another example of IoT devices being rushed to market without proper consideration of privacy,” said Cesar Cerrudo, CTO at ethical hacking company, IOActive. “We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly. While they may get the upper hand in beating the competition to get products to market, they lose out in the long run. Fines and the reputational damage — and in this case product recalls — can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an after-thought.”

Advertisement. Scroll to continue reading.

At the time of writing this, the Safe-Kid-One smart watch was still apparently available from several on-line distributors.

Related: The Second War of Independence: Wearables vs. Security 

Related: IoT Malware Will Soon Surround Us: Researcher 

Related: Communications Between Smartwatches and Phones Exposed to Hack Attacks

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.