"IoT Smartwatch Exposes Kids’ Personal, GPS Data"

Researchers at AV-TEST have discovered vulnerabilities in the SMA M2 smartwatch, manufactured by Shenzhen Smart Care Technology Ltd. According to researchers, the smartwatch designed for children contains vulnerabilities that could allow hackers to perform malicious activities such as eavesdrop on users, leak personal data, expose GPS position data, and masquerade as a child's parent via messages and phone calls. The exploitation of these vulnerabilities gives potential attackers the ability to track the location of children and access data on their parents' accounts. The personal data that can be accessed by hackers through the abuse of the IoT smartwatch's flaws include names, addresses, ages, and contacts such as relatives. The flaws derive from weak authentication and a lack of encryption. More than 5,000 children and 10,000 parents are impacted by the vulnerability of this smartwatch to hacking. This article continues to discuss the presence of vulnerabilities in the SMA M2 smartwatch, how these security issues can be abused by hackers, SMA's response to this discovery, and findings of security flaws in other popular IoT smartwatches. 

Threatpost reports "IoT Smartwatch Exposes Kids’ Personal, GPS Data"