Recently, it has been discovered that SMA-WATCH-M2, a smartwatch featuring a GPS tracker manufactured by a Chinese firm named Shenzhen Smart Care Technology has been found vulnerable in terms of data and location security.
Researchers at the IoT laboratory from the AV-TEST Institute revealed that the data of as much as 5000 children globally is at stake on the firm’s unencrypted servers which includes names, addresses, age, images and voice messages of these children.
See: Germany bans kids smartwatches, asks parents to destroy them
In addition to the data being unencrypted, it can also be accessed unauthorizedly leaving little to do for someone looking to misuse such data.
Image credit: AV-TEST
Yet, there’s more to this ordeal. A configuration file found in the smartphone app directory could be used to obtain the data of any user ID the attacker enters without requiring any credentials whatsoever through the web API. As an example, one could also link their own app this way to a child’s app and assign themselves the status of a parent app accessing all the data of the child conveniently.
But wouldn’t the child know since they should naturally receive a notification when someone has connected to their account? Turns out, no, nada, it’s like they send out no notification so someone could deliberately misuse this silent access.
See: Shoddy security of popular smartwatch lets hackers access your child’s location
An interesting thing to note thoug ..
Support the originator by clicking the read the rest link below.
