Security Flaws in Children's Smart Watches

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children.

Press release. News article.

This is the same group that found all those security and privacy vulnerabilities in smart dolls.

EDITED TO ADD (10/21): Slashdot thread.

Posted on October 19, 2017 at 9:18 AM • 13 Comments

Comments

K.S.October 19, 2017 11:20 AM

Maybe "think of the children" could be used to push regulation for IoT through? I hope next they look at internet-enabled baby monitors as security on these is also non-existent.

Norwegian CitizenOctober 19, 2017 1:34 PM

@ Bruce

"Norwegian Security Council"?

It's rather the "Norwegian Consumer Council".
A slightly different meaning...

Who?October 19, 2017 1:52 PM

Noble design goals, but as other manufacturers these ones fail in the privacy area turning their watches into surveillance devices specialized in gathering as many information as possible from their users (childrens!) and their families. No way to delete user accounts, no way to delete data (including geolocalization of childrens), targeting personal data for marketing purposes... seriously, will all this end some day?

Note that I have not even started looking into the security issues and software bugs—I will bet engineers working at these corporations do not care a lot about the security of their watches either.

When we started living in a cyberpunk world?

handle_xOctober 19, 2017 2:58 PM

"I will bet engineers working at these corporations do not care a lot about the security of their watches either."

I think it's premature to blame unknown engineers for even an extremely flawed product.
Those decisions are made by management, the engineers don't call shots anywhere.

Coming to market on-time and on budget "Trumps" the quality assurance we all expect.
Until this is changed by moving the incentives to fit sustainability, it will continue.

If companies that made flawed products actually had risks for their CEO's and boards,
much more substantial than the multi-national implementation of corporate law allows now,
then we could begin to see some foresight and caution where there is no need for it now.
They make money either way, and when it blows up they give out parachutes. Repeat.

This culture will not change without an equal opposing force to greed and complacency.

faOctober 19, 2017 3:48 PM

> I think it's premature to blame unknown engineers for even an extremely flawed product.
> Those decisions are made by management, the engineers don't call shots anywhere.

Still those engineers must be aware of what they are doing. 'Befehl ist Befehl' is no excuse.

handle_xOctober 19, 2017 6:09 PM

"'Befehl ist Befehl' is no excuse."

Presumably the engineers did not actually SHOOT anyone.

Each engineer is aware of what they are doing, and engineering management is supposed to stitch those efforts together into a comprehensive material blanket. There are supposed to be whole departments for regulatory compliance and quality assurance and security - that's not mandated for technology/appliance companies though, and even when it is mandated even then there are MAJOR failures. All the time, everywhere.

You're saying William E. Boeing is responsible for 9/11. How's that for a Godwin?


DroneOctober 20, 2017 4:55 AM

Overheard on a video conference with Robin Li (Baidu), Sundar Pichai (Google), and Arkady Volozh (Yandex):

"If they accept being tracked as children, we'll get no trouble from them as adults."

DoobieOctober 20, 2017 6:42 AM

Re. Samsung and mobile Linux

We already have a Linux-based smartphone OS developed in response to the strategic interests of a global corporation. It's called Android, and it aint pretty.

Treadwell CovingtonOctober 20, 2017 7:22 AM

@ Doobie

The article claims you'll be able to install, for example, Linux Mint on a Galaxy 8 and have a Linux desktop by connecting it to what sounds like a docking station.
This may be a solution in search of a problem.

Treadwell CovingtonOctober 20, 2017 7:30 AM

@ Drone

A lot of us graybeard techies think the real fun starts when most of us are dead.

NooneOctober 22, 2017 10:35 AM

>Drone • October 20, 2017 4:55 AM
>"If they accept being tracked as children, we'll get no trouble from them as
>adults."

Yup. And that is the goal. Desensitization so that future markets don't resist becoming the "product" being bought and sold.

AnonymooseOctober 23, 2017 7:32 PM

Treadwell Covington said: "The article claims you'll be able to install, for example, Linux Mint on a Galaxy 8 and have a Linux desktop by connecting it to what sounds like a docking station. This may be a solution in search of a problem."

They tried this a few years back (sorta kinda) with that phone you could plug into a laptop 'shell' for a more productive business-y type experience. It wasn't all that great as a phone, and ESPECIALLY not as a laptop. Android was built from the ground up for mobile, it's in its DNA and that just doesn't translate, for me at least.

That being said! I think this is an awesome idea. We're well past the point where you can easily have a phone that pops into a dock at your desk, or into a laptop shell (like a battery!) and there's maybe an extra SoC or GPU in there for the real heavy stuff, fancy ones will have extra ECC RAM, superconducting magnetic cooling, levitating wireless charging (new RFC idea: ki charging!) and of course, more ports than you can find dongles for. Plus an 8-port USB-C hub.

There will be of course the Apple iDock, and iPhone Air. Samsung Universe - one device for everything in your universe! This will let them sell a newer better faster cooler $1800 phone, that also functions as a laptop, desktop, powerhouse workstation, media center and can still plug into a VR headset. It slices dices and chops, I can eviscerate this old work boot and STILL slice a tomato SO THIN you could kill a man with it like an organic, razor thin, biodegradable ninja star!

Let's get to work guys!

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.