Published on December 19th, 2019 📆 | 3144 Views ⚑
0Millions of Child-Tracking Smartwatches Exposed in Cloud Flaw: Report
An exclusive report from TechCrunch says that over 47 million connected devices, including GPS smartwatches marketed toward children, are vulnerable to hacking due to major flaws in the cloud platform that supports the devices.
Earlier this year, researches found that a number of childrenâs smartwatches sold on Amazon and manufactured by the same White Label company contained several vulnerabilities that could allow anyone to access the devices and communicate with the wearer.
One discovery of the investigation was that the SMS filter â meant to allow only authorized numbers (usually the parents of the wearer) to communicate with a smartwatch â was inactive, meaning anybody could access it and obtain data including the wearerâs location.
The report says that a major flaw in the cloud platform was discovered that not only exposes location data but also voice communications that were recorded and stored in an unsecured database.
The cloud platform in question is developed by Chinese White Label electronics maker Thinkrace, one of the largest manufacturers of location-tracking devices in the world and the maker of several of the childrenâs smartwatches that have been found to be vulnerable to hacking.
Ken Munro, the founder of Pen Test Partners, the group that conducted the study, said that they found at least 47 million vulnerable devices and that âthis is only the tip of the iceberg.â
Munro also found that Thinkrace makes more than 360 connected devices that are often rebranded and resold by other retailers.
âOften the brand owner doesnât even realize the devices they are selling are on a Thinkrace platform,â said Munro.
The devices interact with Thinkraceâs cloud platform either directly or via a web domain operated by the reseller, and Munroâs team found that most of the commands that control the devices donât require any authorization, allowing anyone with knowledge of the control points to gain access to the location data and voice recordings gathered from the devices.
It isnât just childrenâs watches that are affected by these vulnerabilities. Thinkrace provided 10,000 smartwatches for athletes at the Special Olympics, which exposed them to having their locations tracked as well.
Source: TechCrunch, Rapid7
Gloss