The European Commission (EC) has ordered the recall of a children’s smart watch: the ENOX Safe-Kid-One, manufactured in Germany. It had received a complaint from Iceland’s consumer protection regulator.
The EC alert provides little detailed information, merely saying, “The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.
A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”
Such potential is alarming under any circumstance, but particularly concerning where children are concerned.
According to the BBC, ENOX considers the recall to be ‘excessive’. The company’s founder, Ole Anton Bieltvedt said that the watch had passed tests carried out by German regulators last year allowing it to be sold. It has appealed the ruling. However, in November 2017, the German telecoms regulator banned the sale of smart watches to children, saying they violated Germany’s strict surveillance laws.
It had found the watches to be unauthorized transmitters capable of surreptitious child monitoring, and had even been used by parents to listen to teachers in the classroom.
“This is yet another example of IoT devices being rushed to market without proper consideration of privacy,” said Cesar Cerrudo, CTO at ethical hacking company, IOActive. “We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly. While they may get the upper hand in beating the competition to get products to market, they lose out in the long run. Fines and the reputational damage — and in this case product recalls — can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an after-thought.”
At the time of writing this, the Safe-Kid-One smart watch was still apparently available from several on-line distributors.
Related: The Second War of Independence: Wearables vs. Security
Related: IoT Malware Will Soon Surround Us: Researcher
Related: Communications Between Smartwatches and Phones Exposed to Hack Attacks
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
Tags: 
