Yet another hacking scandal has hit yet another company that makes smartwatches for kids. It’s a good opportunity to remind Santa that he should not, under any circumstances, bring “smart” toys to kids until there are tough privacy and security standards in place.
According to a new report from the BBC, MiSafes’ child-tracking smartwatches are easy to hack because the device “neither encrypted the data they used nor secured each child’s account.” The unsecured accounts contain a photo of the child, name, gender, date of birth, height, weight, parents’ phone number, and the phone number of the watch. Security researchers found that anybody with minimal technical knowledge can track kids’ movements, eavesdrop into their daily lives, and even make fake calls that appear to be from the kids’ parents.
The watch, according to the report, has used GPS tracking and 2G cell connectivity to, ostensibly, keep thousands of children safe since 2015. Except it doesn’t. “It’s probably the simplest hack we have ever seen,” security researchers Ken Munro and Alan Monie told the BBC.
MiSafes is not the exception. It’s the norm. Last November, the German equivalent to the FCC urged parents to destroy smartwatches for children that were shown to have eavesdropping capabilities. Norwegian authorities echoed these concerns. Previous to that, Germany had already banned a smart doll that could be used to spy on kids. Earlier in 2016, Fisher-Price was under fire for a smart teddy bear that could be hacked to track children.
As a result, the European Union and some European countries are cracking down on these poorly developed devices made by companies banking on your most basic fears (about your kid being abducted) or pure desperation (what to get your kid for the holidays).
Meanwhile, the United States hasn’t done anything to stop them, even while we read about these types of hacks seemingly every single month. It’s a massive problem that extends across all IoT devices and an alarming number of apps for kids.
It’s one thing for adults to entrust their privacy to corporations without any qualms. For instance, if you know that Facebook’s products are designed to scrape your personal data for ad targeting, and that it allowed user data to be wielded to influence elections, and that it may expose that data in breaches, and you choose to use them anyway? That’s your choice as an adult. But don’t impose a disregard for data privacy on kids. They have neither the information nor the judgment to know better when it comes to connected devices.
So, as you go into Black Friday or Cyber Monday on the hunt for presents, keep all of this in mind. Skip the smart teddy bears, smartwatches, smart games, smart anything. Instead, get them teddy bears that don’t have cameras, watches that just measure time, and games that are played on paper. The internet of things for kids is not ready–and it won’t be until regulations are put in place to ensure your kids’ safety first.