German authorities have banned the sale of smartwatches for children, saying the technology more closely resembles a "spying device" than a toy, and urging parents who've purchased one to destroy it.
The vulnerability of children's smartwatches has been a poorly kept secret ever since their launch. Ken Munro, security expert at Pen Test Partners, notes the software underpinning children's smartwatches is rife with "significant security flaws."
"These devices don't encrypt properly, expose kids to data theft, stalking and even more. Hackers can easily change a child's coordinates — meaning they can make a child playing in the garden appear to be leaving the country, terrifying parents. Even more insidiously, someone could actually kidnap a child but modify the data to make it look like they were still playing with their friends," Mr. Munro told Sputnik.
In October, the European Consumer Organization (BEUC) warned smartwatches were a serious threat to children's privacy. In particular, the organization expressed concern over the ease with which strangers could take control of a watch and track, eavesdrop on and even communicate with a wearer, and easily circumvent requirements around trusted phone numbers. Moreover, it was not possible to permanently delete data collected by the devices, and most of the apps offered by the watches (and the watches themselves) lacked terms and conditions.
Scary! Strangers can seize control of smartwatches & use them to track and eavesdrop on children #WatchOut https://t.co/iojilQ1M4I
— The Consumer Voice (@beuc) October 18, 2017
"These watches should not find their way into shops. The EU urgently needs to regulate mandatory security standards for connected products. Producers should immediately fix these flaws or find their products withdrawn from the market. Market surveillance authorities should make sure that such products never reach the market in the first place," concluded Monique Goyens, Director General of BEUC.
That same month, similar anxieties were expressed in a report published by the Norwegian Consumer Council.
"We found advertised safety-enhancing features, such as an SOS button that alerts the parents if the child is in distress, and a geofencing function that sends an alert whenever the child enters or leaves a designated area, were unreliable. [Devices] provide a false sense of security. Additionally, the abundance of smartwatches for children available internationally, with cheap Chinese products being imported and rebranded by a vast number of local retailers, makes it difficult to obtain a clear picture of who is responsible for the various products," the Council's report concluded.
Regulatory Blind Spot
"Manufacturers need to up their game, and stop rushing the release of unsafe devices — they want to be the first mover and corner the market, and fail to uphold security standards as a result. What we need is drama — consumers pressuring smartwatch makers to sort out their security, litigation against offending companies, and the like. For instance, there have been a few class action lawsuits in the US, which have forced manufacturers to behave properly," Mr. Munro continued.
Nonetheless, the security expert acknowledged a lack of regulation in the sphere abets poor industry practices — and governments "take a long time to catch up" with risks.
He also noted it's not merely in the smartwatch sector security standards are inadequate. Many other 'Internet of Things' devices, such as smart toys and talking dolls, are likewise extremely vulnerable to outside attack. Security companies have long warned about the dangers of implanting toys with IoT capability. Cameras allowing parents to monitor children from work are particularly worrying, since most are unsecure and the feeds can be hijacked by virtually anyone.
In July, the US Federal Bureau of Investigation issued a public service announcement warning smart toys containing microphones, cameras, or GPS devices endangered children's privacy and physical safety.
"In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child's name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment," the FBI cautioned.