The SmarTurtle Kid’s Smartwatch is one of numerous generic smartwatches sold on Amazon that Rapid7 discovered to have serious security flaws.
- Amazon sells low-priced smartwatches designed for children. The comparatively low price tag, restricted functionality, and ease of use compared with a smartphone make them appealing options for parents.
- But researchers found that these smartwatches have serious flaws that could let strangers track and talk to the kids wearing them.
- The cheap smartwatches sold on Amazon that were tested have extremely weak security measures that could let almost anyone who wants to take control of a kid’s smartwatch do so.
- Parents’ best bet is to stick to familiar brands, even if it means paying more.
Cheap smartwatches available on Amazon that cost between $20 and $35 and are intended for children have serious flaws that could let strangers track and talk to the kids wearing them, according to Boston-based cybersecurity researchers Rapid7.
“It is likely that an attacker with information of the smartwatch phone number could take up total control of the device, and thus use the tracking and voice chat functionality with the same authorizations as the legitimate user (typically, a parent),” Tod Beardsley, director of research at Rapid7, said in the report, which was previously reported by Bloomberg.
These smartwatches come with voice chat and GPS, and their low price tags, restricted functionality, and ease of use compared with smartphones make them appealing options for parents who want to know where their children are or talk with them without giving them a smartphone.
But Rapid7’s findings showed that the security measures on the smartwatches were frequently ineffective, and many didn’t work at all.
One way a guardian can change a child’s smartwatch settings remotely is by sending a text message to the device. To stop strangers from changing the settings, the watch can be given a list of specific pre-approved numbers. But Rapid7 said that this security step, a whitelist, was a “weak control, even in the best of situations.”
Rapid7 discovered that the whitelist had no effect on who could change the smartwatch’s settings. Anyone, even those who weren’t on the pre-approved list, could send a text message to one of these smartwatches to alter its settings.
“In routine, this filter did not appear to be useful at all,” Beardsley wrote, “unlisted numbers could also interact with the watch.”
The other flaw involves the smartwatches’ default passwords. Rapid7 found that the smartwatches’ manuals had little to no information on the default passwords and how to change them. As a result, users are unlikely to change the default password, which makes it simple for anyone who wants access to the smartwatches to gain control.
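The two flaws described above can be shown from the device side. This is an added illustration, not code from Rapid7 or the vendor: the `SET <password> <key>=<value>` message format, the factory password and all names are hypothetical. It contrasts a handler that stores an allowlist but never consults it with one that checks the sender and refuses remote changes while the factory password is still set.

```python
import hmac

# All names, the "SET <password> <key>=<value>" message format and the
# default password are hypothetical, constructed for this illustration.
FACTORY_PASSWORD = "000000"


class Watch:
    def __init__(self, allowlist, password=FACTORY_PASSWORD):
        self.allowlist = {normalize(n) for n in allowlist}
        self.password = password
        self.settings = {}


def normalize(number):
    """Reduce a phone number to its digits so formatting cannot defeat the match."""
    return "".join(ch for ch in number if ch.isdigit())


def parse(body):
    """Return (password, key, value), or None for anything malformed."""
    parts = body.strip().split(" ", 2)
    if len(parts) != 3 or parts[0] != "SET" or "=" not in parts[2]:
        return None
    key, value = parts[2].split("=", 1)
    return parts[1], key, value


def handle_sms_flawed(watch, sender, body):
    """Behaviour as reported: the allowlist exists but is never consulted."""
    cmd = parse(body)
    if cmd is None or cmd[0] != watch.password:
        return "rejected"
    watch.settings[cmd[1]] = cmd[2]
    return "applied"


def handle_sms_hardened(watch, sender, body):
    """Check the sender first, and refuse remote changes on a factory password."""
    if normalize(sender) not in watch.allowlist:
        return "rejected: sender not on allowlist"
    if watch.password == FACTORY_PASSWORD:
        return "rejected: default password must be changed first"
    cmd = parse(body)
    if cmd is None or not hmac.compare_digest(cmd[0].encode(), watch.password.encode()):
        return "rejected"
    watch.settings[cmd[1]] = cmd[2]
    return "applied"
```

The sender number on a text message is not authenticated, so the allowlist check is only one layer and the non-default password remains necessary.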
The smartwatches tested by Rapid7 were the Jsbaby Game Smart Watch, Children’s SmartWatch, and SmarTurtle Kid’s Smartwatch. They all seem to be white-label rebrands, manufactured by Chinese company 3G Electronics. Rapid7 only tested three of the extensive variety of cheap children’s smartwatches sold on Amazon, so other models likely contain the same flaws.
The Children’s SmartWatch is still listed on Amazon, but it’s “currently unavailable.”
The Jsbaby Game Smart Watch is still available to buy on Amazon for $33.
The SmarTurtle Smart Watch for Kids is still being sold used for $20.
Rapid7’s advice is to stick to “clearly identifiable vendors.” Basically, if you don’t know the brand, don’t go for it.
The findings are another notch on Amazon’s record of questionable vetting practices for products listed on the site. Amazon and 3G Electronics did not immediately reply to our requests for comment.