The European Commission has ordered the child smart watch provider ENOX to recall its Safe-KID-One product, after it was found that bad actors could send messages to the watch and use its inbuilt GPS to find the locations of its child users. The Commission's rapid alert system, which is used to inform other European nations of dangerous products, states that these smart watches pose a ‘serious’ risk, potentially threatening the child’s safety.
The Safe-KID-One is badged as ‘A High Tech SIM/GPS Safety and Surveillance Smart Watch for Kids’ by its manufacturer and has the tag line of ‘You can Keep an Eye on, Talk to and Watch over your Kid Everywhere and All the Time’. It includes a built-in microphone, speaker and GPS locator, and supports a smart phone companion app that parents can use to keep tabs on their children.
The risk highlighted by the EC is that a malicious user is able to send commands to any watch and make it call any number of their choosing, allowing communication directly with the child wearer, as well as the ability to pinpoint the child’s location through GPS.
This is primarily related to the unencrypted communication used by the devices to communicate with the ENOX servers, which enables unauthenticated access to its data. This results in access to the device data, location history, phone numbers and serial number, which can be easily captured or modified.
In EC terms, this product does not comply with the requirements of the Radio Equipment Directive.
It is reported that this may be the first time that the Rapid Alert System (RAPEX) has been used to report a dangerous product based on its risk to privacy and data protection.
ENOX contacted The Register and told them: "This Version of the Watch was tested by Bundesnetzagentur in Germany last Summer, and it did pass the test and was released for sale. In December 2018 we got the attached confirmation from them, that the watch had passed their test."
This is not the first time that children’s smart watches have been in the news; in November ‘18 Pen Test Partners reported a similar issue in the MiSafes smart watch.
In the interests of child safety, we recommend that parents no longer allow their children to use these devices until such time as the vendor can prove they have resolved these issues.
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.