Kids’ Smartwatch Pulled off EU Market for Data Privacy Risks
The IoT privacy nightmare continues, as this week’s spotlight focuses on a smartwatch designed for kids. The gadget has been recalled from end users after the European Commission issued a rapid alert on data privacy, writes The Guardian. Although the watch passed regulatory tests in Germany where it was manufactured, the ENOX Safe-Kid-One failed tests in Iceland. This compelled the country to submit an alert to the EC. Although Iceland is not a member of the European Union, it is a member of the economic space.
Tests in Iceland revealed that, while the watches were designed to help parents better track and communicate with their kids, they were vulnerable to third-parties, allowing unauthorized access to their data. With features such as microphone, GPS and speaker, hackers could easily manipulate the device and even tamper with the child’s real location data. Parents would normally use a smart phone app to track and communicate with their kids.
“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data,” reads The Rapid Alert System for Non-Food Products (RAPEX).
“As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed. A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS. The product does not comply with the Radio Equipment Directive.”
Developed with low-quality sensors and often rushed to market, IoT gadgets for kids, and smartwatches specifically, are riddled with security flaws. This has led countries such as Germany to ban them due to privacy concerns. When Germany prohibited them in 2017, they were considered “listening devices.” Concerned they might not be able to provide security patches for the devices, Germany’s Federal Network Agency advised parents at the time to go as far as to destroy them.data privacy EU regulation security flaws smartwatch