Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can.
This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud platform used to power millions of cellular-enabled smartwatches.
The cloud platform is developed by Chinese white-label electronics maker Thinkrace, one of the largest manufacturers of location-tracking devices. The platform works as a backend system for Thinkrace-made devices, storing and retrieving locations and other device data. Not only does Thinkrace sell its own child-tracking watches to parents who want to keep tabs on their children, the electronics maker also sells its tracking devices to third-party businesses, which then repackage and relabel the devices with their own branding to be sold on to consumers.
All of the devices made or resold use the same cloud platform, guaranteeing that any white-label device made by Thinkrace and sold by one of its customers is vulnerable.
Ken Munro, founder of Pen Test Partners, shared the findings exclusively with TechCrunch. Their research found at least 47 million vulnerable devices.
“It’s only the tip of the iceberg,” he told TechCrunch.
Smartwatches leaking location data
Munro and his team found that Thinkrace made more than 360 devices, mostly watches and other trackers. Because of relabeling and reselling, many Thinkrace devices are branded ..
Support the originator by clicking the read the rest link below.
