Some popular children’s gadgets, including smartwatches available internationally, have been found to have security flaws so serious that individuals could track and eavesdrop on kids’ conversations, according to a consumer safety panel in Norway.
The Norwegian Consumer Council (NCC) reviewed the smartwatches with European security company Mnemonic and found gross invasions of privacy. When the companies were contacted about the concerns and failed to move swiftly to address them, the NCC went public.
Cybersecurity experts are raising red flags about these children’s smartwatches
The smartwatches in question are the Xplora, a GPS watch that works in tandem with the Xplora T1 app; the Gator 22 (along with the Gator app); Tinitell and Viksfjord (with the accompanying SeTracker app).
“It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly,” Finn Myrstad, the Norwegian Consumer Council’s director of digital policy said in a news release. “Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist.”
The Norwegian body said that consumer organizations in Europe and the United States have been alerted and will separately report the phones to the appropriate regulating authorities.
The issue of data-leaking smart devices geared toward children is a widespread one: In September, the German government banned smart teddy bears, Cloud Pets, from California-based Spiral Toys on the grounds that hackers could easily break into the devices’ database, which contains children’s profile pictures and audio files.
When asked why the devices didn’t have stronger encryption, (the toys reportedly allowed even three-digit passwords), Spiral Toys CEO Mark Meyers said he didn’t want to make things too difficult for children to use. “We have to find a balance,” he said, according to Networkworld.com. “How much is too much?”
The potential problems were exposed in February and fixed by the company shortly after, but the bigger issue around privacy concerns in smart toys remains.
The issue of privacy and children’s watches has reached a boiling point in Europe — so much so that the European Consumer Organization (BEUC) recently released a public service announcement on the issue. Hashtagged #Watchout, the PSA draws a line in the sand between parents and companies that fail to address privacy issues.
The issue of smart-toy security is not a new one in the United States. In 2015, security experts discovered that Mattel’s Hello Barbie could be hacked so that criminals could track children and even intercept communications. Mattel quickly fixed the issue, which resulted from connectivity pathways to its companion IOS and Android apps.
With the holiday season approaching, privacy and potentially data-leaking smart toys will loom large. As the government continues to compile the data and investigate individual concerns, it is up to parents to educate themselves and become informed consumers about the purchases they make for their children. Only then will smart toys truly be child’s play.