Kids’ smartwatch security tracker can be hacked by anyone
For researchers at testing outfit AV-Test, the SMA M2 kids’ smartwatch is just the tip of an iceberg of terrible security.
On sale for around three years, superficially it’s not hard to understand why the model M2 might appeal to anxious parents or carers.
Costing only $32, it pairs with a smartphone so that adults can track the real-time location of kids via GPS, GSM or Wi-Fi using a simple mapping app and online account. Add a SIM and it can be used to make voice calls and there’s even an SOS button children can press in the event of an emergency.
The colour screen, cartoon icons, and baby-blue or pink colour scheme is almost guaranteed to appeal to younger children.
AV-Test’s investigations reveal that the M2 also happens to be an unmitigated security disaster.
Naked Security has covered numerous security screw-ups over the years but it’s hard to imagine a more face-palming charge sheet than that levelled at the makers of the M2 by AV-Test.
To illustrate the point, the testers use the example of a girl called Anna who lives in Dortmund, Germany.
She vacations with her grandparents in a coastal town called Norderney, where she regularly visits the local harbour around 2 o’clock to spot seals for an hour.
The company knows all of this because Anna is wearing an M2 smartwatch which has been leaking this information along with that of another 5,000 children via a public system whose security would be non-existent for any competent hacker.
AV-Test was able to find the names and addresses of these children, their age, images of what they looked like, as well as voice messages transmitted from the watch.
In a development that would be ironic if it weren’t so serious, they were able to discover children’s current locations. Warns AV-Test’s Maik Morgenstern:
We picked out Anna as much as we could have picked Ahmet from London or Pawel from Lublin in Poland.