More than a year after announcing the #WatchOut vulnerabilities in Gator brand children’s smartwatches, researchers revisited the platform and found even greater vulnerabilities affecting Gator and other children’s smartwatch manufacturers.
While the initial vulnerabilities spotted in October 2017 allowed unauthorised access, remote audio surveillance, location spoofing, and SOS compromise, recent tests conducted by Pen Test Partners have shown that an attacker can now access the entire database, including real-time child locations, child and parent names, and more, according to a 29 January blog post.
The vulnerabilities aren’t just in Gator’s technology but also in the back end service TechSixtyFour, a back end service provided by Caref Watch Co Ltd, which also provides services for other smartwatches.
The system ultimately failed to validate that the user had the appropriate permission to take admin control, and as a result an attacker could get full access to all account information and all watch information.
The vulnerabilities have since been resolved, but researchers say the bug impacted 20,000 accounts on the system and 35,000 devices. Researchers warn users to beware of GPS-enabled smartwatches at low price points, as there is often little money to cover the cost of security.
This article was originally published on SC Media US.