Story image

European Commission urges recall of children's smartwatch

05 Feb 2019
Twitter
Facebook

If you’ve been on a trip to Germany recently and picked up a few gifts for the family, you might want to take note if you happened to by the Enox Safe-KID-One smartwatch for children.

Despite ‘Safe’ being in the watch’s name, it’s actually anything but safe. In fact, the European Commission has gone as far as urging distributors to recall every single watch from anyone who was unlucky enough to buy it because it’s a ‘serious risk’.

Enox Group, the company behind the Safe-KID-One, describes the smartwatch as a high-tech GPS safety and surveillance watch that helps parents keep track of and talk to their children all the time.

“Through downloading of an app in your smartphone (QR Code included in the user Manual), you can locate and follow your kid – almost to the metre – on a GPS map in your Smartphone. You can, also, follow the route of your kid the last 30 minutes, 60 minutes etc, through recording and playback of movements,” a product sheet on the company’s website says.

The problem is, according to the European Commission, the smartwatch and its app are so unsecure that anyone could hack into the watch, track the child, or talk to them.

“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed,” says a statement.

“A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

It’s not so hard to see why that might be a problem – the watch’s inbuilt speaker and microphone could broadcast just about anything.

“The kid has 3 one-click phone call buttons; e.g. For mum, dad and grandma.” Furthermore, it has an SOS button on the watch, which does, by one click for 3 seconds, call or text all 3 parties. Only pre-listed parties can call the kid.”

If hackers got in and changed those numbers, suddenly mum and dad aren’t who the child thinks they are.

The European Commission adds that the watch doesn’t comply with the Radio Equipment Directive and any distributor that dealt with the Safe-KID-One should recall the product from end users.