A location-tracking watch for children can be easily hacked, a new report has warned, with hackers able to access information such as the child’s live location and their photo.
The watch, made by the company MiSafes, is designed to be worn by children, enabling parents to track their GPS location via an app and make phone calls to them.
Pen Test Partners, a company that specialises in testing cyber security, said the devices do not encrypt data and were easy to hack and manipulate.
“It’s probably the simplest hack we have ever seen,” the lead researcher told the BBC. “I wish it was more complicated. It isn’t.”
According to Pen Test Partners, tests on the watches enabled them to:
-
Retrieve real time GPS coordinates of the children’s watches
-
Call the child on their watch
-
Send audio messages to the child on the watch, bypassing the approved caller list
-
Retrieve a photo of the child, plus their name, date of birth, gender, weight and height.
The testers said they were also able to listen to the audio of children at any given time, without knowledge of the children (or their parents). This was possible by making the watch answer any incoming call, without the child pressing anything.
Pen Test Partners and the BBC both say they have contacted the company MiSafes and have yet to receive a response. HuffPost UK has also contacted the company and will update this piece if we receive a statement.