Kids toys aren’t what they used to be: Barbies now have mechanical brains, and gadgets like smartwatches are being made child-friendly. And anything connected to the internet comes with the risk of being hacked or misused to gather sensitive data about its owner—a liability now being passed on to children.
The latest example comes from developer Roy Solberg, who uncovered that the kid-friendly Gator 2 smartwatch he bought for his child could be easily hacked from a web browser. The watch, marketed as “children’s first cellphone,” and provides GPS-enabled location information so caregivers can know where their kids are at all times.
Solberg found by testing his own watch that an attacker could modify the location-tracking feature and download messages sent between parents and children. The attacker only needed the unique serial number given to every internet-connected device, an IMEI number. After confirming the hack himself, Solberg changed just one number of his watch’s IMEI and was able to download a private message from a similar Gator watch in Sweden.
“When you buy a product like this you expect to make them more safe,” Solberg writes in a blog post describing the vulnerability. “But what happens is that you put your child at risk. Any predator can track your kid, and even start see patterns in when a child usually goes to e.g. school or after-school activities.”
READ THE REST: