Serious cyber-security concerns triggers European recall of children's smartwatch

News by Tom Reeve

A smartwatch which enables parents to track their children has been recalled by the European Commission over serious security concerns that could leave children vulnerable.

The European Commission has issued a recall notice for the ENOX children’s smartwatch after concerns were raised about severe cyber-security issues with the device.

The Commission issued the notice under the Rapid Alert System for Non-Food Products (RAPEX) this morning, classifying the risk level for the Safe-KID-One watch as ‘serious’.

The watch boasts GPS capabilities that enable a parent to track the location of their child using a smartphone app. A geofence function will alert parents when a child leaves a designated area, and a telephone function stores three numbers to which emergency messages can be delivered by voice or SMS.

The RAPEX alert states: "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.

"A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."

It also stated that the product – country of origin Germany – is not in compliance with the Radio Equipment Directive.

It has ordered the distributor to recall the product from end-users.

It follows a stream of reports over the past couple of years about serious security concerns over children’s toys and watches in particular. The prospect of regulation looms over the industry if it doesn’t get its act together, the UK government has said.

Cesar Cerrudo, CTO at the ethical hacking company IOActive, commented: "This is yet another example of IoT devices being rushed to market without proper consideration of privacy. We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly.

"While they may get the upperhand in beating the competition to get products to market, they lose out in the long run. Fines and the reputational damage – and in this case product recalls – can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an afterthought." 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews