Many children's smart watches have a phone call and positioning function, the purpose is to allow parents to contact their children at any time, to ensure the safety of children. However, these watches are exposed to potential safety problems, but after hacking is easy to leak personal information.
Instead, the watch designed for "safety" has a security risk. How hackers attack the smart watch? Is smartwatches more vulnerable than mobile phones? What should you watch out when choosing a children's smart watch?
Germany banned children's smart watches
The safety of children's smart watches has attracted the attention of many countries.
According to the BBC, the German Federal Internet Office banned the sale of children's smartwatches in the country and urged parents to destroy the existing children's watch and call it a listening device. The agency has taken steps against several companies that sell such watches online.
On the reasons for the ban, reported speculation may be due to invasion of privacy or watch security loopholes.
According to the British BBC report, the German Federal Internet Office banned the sale of children's smart watches in the country. Source: BBC official website screenshots.
In October of this year, the Norwegian Consumer Council said in a report that some children's watches were flawed, such as data being transmitted and stored without encryption. "This means that strangers using basic hacking techniques can track children's actions or make a child look completely different," the report said.
As early as 2015, there was a serious security breach in China's media when children's smart watches with multiple brands were exposed. Hackers can not only accurately grasp the location of the watch, but also obtain complete access to children's daily walking routes, eavesdropping on children's dialogues and surrounding sounds.
Hackers attack smart watches?
This reporter has learned that children's smart watches have the appropriate mobile software (App), for parents registered, bound watches, in the mobile App can set children's names, birthdays and other information, you can send instructions, such as query location, call Wait.
So, how hackers attack smart watches?
Junfeng Yu, a senior security researcher at Xi'an Clover Information Technology Co., Ltd., said that the information set in the App and the instructions sent in the app will be transmitted to the smart watch cloud server, and some function instructions are also sent to each other between the cloud server and the watch.
"Normally, user A can only send messages and commands to the smart watch to which he binds, but because the smart watch cloud program does not determine the user identity and the instruction to be executed, user A can also send the unbound Other smartwatches. "This led to an overrun vulnerability," he said.
Some of the children's smartwatches have hidden dangers
On the "unauthorized loopholes", Junfeng Yu explained that, for example, hackers in a bank card, under normal circumstances can only withdraw money from their bank card, but the hacker to change the bank card number to others, from someone else's bank card Money out, the bank did not determine whether the withdrawal of the right to withdraw money from this bank card, which is ultra vires.
Data map. Hackers hidden in the network also have black and white points. The "white hat" is a security and technology that is the builder of cybersecurity. The "black hat" is a technology for profit and is the sabotage of cybersecurity.
Vendor design irregularities lead to loopholes
However, the safety of children's smart watches can not be simply attributed to technical problems.
In 2015, many brands of children's smart watches in China were exposed to "over-privileged loopholes." Speaking of this issue, Sun Hao, director of 360 watch children's watch told Xinhua News Agency, which is actually a relatively low-level loopholes in the premise that this can be done in the server-side interface design is not standardized, so that attackers can cross Some authentication means illegally obtain the watch's privacy information.
"Further, the fundamental reason is that in 2015 the children's watch market broke out, many small manufacturers to enter the market, they do not have the perfect design and development capabilities, the use of some public board program on the market, the product of the technical design problems." Sun Hao said.
Junfeng Yu believes that some manufacturers in order to market as soon as possible to occupy the market products, the lack of adequate design, development, testing time, leading to loopholes; some manufacturers were informed of the details of the loopholes submitted by the white hat hackers, did not take any remedial measures to loopholes ignored, any By loopholes exist.
Is smartwatches more vulnerable than mobile phones?
From a technical point of view, children's smart watches than mobile phones, computers more easily hacked it?
Sun Hao said, in fact, children's watches relative to the phone, the computer more secure. Children watch relatively single function, no browser, third-party applications, but also shield SMS, MMS and other functions, the call has a whitelist mechanism. Not as phishing websites, malware, fraudulent calls, and text messages as mobile phones and computers do.
For now, there is no evidence that children's smartwatches are more easily hacked.