
EU Orders Recall of Children's Smartwatch Over Severe Privacy Concerns (zdnet.com) 43

An anonymous reader quotes a report from ZDNet: For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue. The product is Safe-KID-One, a children's smartwatch produced by German electronics vendor ENOX. According to the company's website, the watch comes with a trove of features, such as a built-in GPS tracker, built-in microphone and speaker, a calling and SMS text function, and a companion Android mobile app that parents can use to keep track of and contact their children. The product is what most parents regularly look for in a modern smartwatch but in a RAPEX (Rapid Alert System for Non-Food Products) alert published last week and spotted by Dutch news site Tweakers, European authorities ordered a mass recall of all smartwatches from end users citing severe privacy lapses. "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data," said authorities in the RAPEX alert. "As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed." On top of this, authorities also said that "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."

  • That "feature list" / "bug list" sounds like a predator's wet dream.

    • by Anonymous Coward

      The RAPEX alert is a safety alert.

      Safety Gate: the rapid alert system for dangerous non-food products

      The Safety Gate rapid alert system enables quick exchange of information between 31 European countries and the European Commission about dangerous non-food products posing a risk to health and safety of consumers.

      • by Anonymous Coward

        Still waiting for an explanation of how you get "RAPE-X" out of that word salad.

        • Presumably it wasn't named in English. Like how we get SI units from "International System of Units" (from the French Le Système International d'Unités). That's

  • a trove of features, such as a built-in GPS tracker, built-in microphone and speaker, a calling and SMS text function,

    So like a phone except you cannot airdrop dick pics?

  • Won't the company be punished for massive privacy violations? In other words: can any other company do the same thing tomorrow and totally get away with such sloppy security? If it is your trade, ignorance is not an excuse. A company that sells communication devices must know how to secure them.
    • Won't the company be punished for massive privacy violations? In other words: can any other company do the same thing tomorrow and totally get away with such sloppy security? If it is your trade, ignorance is not an excuse. A company that sells communication devices must know how to secure them.

      I'm a little curious about the "massive" privacy violations. Are we talking security holes that require years of brute force to break, or something that can be hacked in seconds by a script kiddy? Based on the article saying the data is unencrypted, it seems like the latter.

      • by jeremyp ( 130771 )

        From the summary:

        "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data," said authorities in the RAPEX alert. "As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed."

        So I'd say we are talking about backend data that can be hacked in seconds. Except "unauthenticated access" suggests no real hacking is required. That is a huge privacy concern. Fu

  • by Anonymous Coward

    How hard is it to use https and prepared statements? (I work in a small company and use prepared statements to prevent accidental SQL injection from a stray quote or similar) Why is the history data editable? Did they just give the app access to the database connection?
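
The two fixes this comment names for the flaw in the RAPEX alert, as an added example (not part of the comment, and not the vendor's code): a history lookup keyed only by serial with the value pasted into the SQL, beside one that checks a per-watch token and uses bound parameters. The schema, serials and tokens are constructed assumptions; HTTPS for the transport is a separate layer and is not shown.

```python
import hmac
import sqlite3

def make_db():
    # Constructed schema and rows for the demo; not the vendor's real backend.
    # A real service would store a hash of the token, not the token itself.
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE watches(serial TEXT PRIMARY KEY, owner_token TEXT);"
        "CREATE TABLE locations(serial TEXT, ts INTEGER, lat REAL, lon REAL);"
    )
    db.executemany("INSERT INTO watches VALUES (?, ?)",
                   [("W-1001", "tok-parent-a"), ("W-1002", "tok-parent-b")])
    db.executemany("INSERT INTO locations VALUES (?, ?, ?, ?)",
                   [("W-1001", 1, 52.52, 13.40), ("W-1002", 1, 48.14, 11.58)])
    return db

def history_weak(db, serial):
    # Weak: knowing a serial is enough to read its history, and the value is
    # pasted into the SQL text, so a stray quote changes the statement.
    sql = "SELECT ts, lat, lon FROM locations WHERE serial = '%s'" % serial
    return db.execute(sql).fetchall()

def history_checked(db, token, serial):
    # Hardened: look up the token bound to this serial with a bound parameter,
    # compare in constant time, and refuse before touching location data.
    row = db.execute("SELECT owner_token FROM watches WHERE serial = ?",
                     (serial,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), token.encode()):
        raise PermissionError("caller is not bound to this watch")
    return db.execute(
        "SELECT ts, lat, lon FROM locations WHERE serial = ? ORDER BY ts",
        (serial,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(history_weak(db, "W-1002"))                     # no credential needed
    print(history_checked(db, "tok-parent-a", "W-1001"))  # owner reads own watch
    for serial in ("W-1002", "O'Brien"):
        try:
            history_checked(db, "tok-parent-a", serial)
        except PermissionError as exc:
            print(serial, "->", exc)
```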

    • It is a German Company.
      Germans are Good Engineers.
      Engineers are really bad programmers.
      Obvious trolling aside....

      Like most commercial software products (built anywhere in the world) business owners want to get the product out the door as fast as possible. And will often rush to release the prototype software as the full live feature. I know by experience that it is very tough to convince executives that while your prototype works and shows off all the features, it will take a few months more of development

      • by Anonymous Coward

        It is a German Company.
        Germans are Good Engineers.
        Engineers are really bad programmers.
        Obvious trolling aside....

        Oh, it's far worse than that ...

        Bernieri pointed out that ENOX doesn't even appear to be in control of the Android app that ships alongside with its smartwatches, the app being owned by a Chinese developer who used the app's privacy policy URL to link to their own LinkedIn profile instead, showing little regard for EU's privacy regulation.

        This is straight up "we hired some guy in China who clearl

    • The answer to this is simple: Making something work is easy. Making something work securely is hard. Something that's hard to implement takes good engineers. Good engineers cost more money.

      Need I go on or is the wall the train of thought is about to hit obvious?

  • "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data"

    "I was just following orders!"

    • You're so 1940. Germany 2020 is more akin to "Yes, we COULD of course do that but that costs more. Is there a law that makes us? No? Is there a lawsuit pending if we fuck up? No? Then why the heck are you bothering us with such petty nonsense?"

  • by Opportunist ( 166417 ) on Tuesday February 05, 2019 @08:56AM (#58072882)

    I thought the watches are already banned in Germany since their law identifies them as covert surveillance devices (which are illegal in Germany... unless you're the government, of course)?

    But it's about effin' time these security nightmares get outlawed. Dear helicopter parents: Fuck you.

    • by Anonymous Coward

      At least our children's privacy is protected when another little girl ends up getting raped in a refugee shelter. Thank god our government has their priorities straight!

      • I agree. Guess what, nobody gives a fuck about someone else's kids. I'm already hard pressed giving one about the ones we already have here.

  • by Anonymous Coward

    Oh look big (huge) EU government interfering in the free market. This will solve nothing that the free market won't solve much better.

  • I'm glad they didn't have this bullshit when I was a kid.
  • See? That wasn't so hard to figure out from a technical standpoint. It didn't even require the resources of a nation-state to determine what was happening with the data and how easily the spyware, data-harvesting device could be accessed (note: nearly everything nowadays is a spyware, data-harvesting machine).

    Instead, we continue to get Smoke & Mirrors with lots of political grandstanding and a "news media" simply parroting the same message with click-baity headlines. The military-industrial-media complex

  • My son got such a watch for Christmas, and upon opening it and trying to read the Engrish, and finding an app that has to be sideloaded by downloading the APK from a web site... I got too skeeved out. Maybe I am just xenophobic. There's nothing inherently wrong with a Chinese app -vs- a Russian app -vs- a British app. The only reason I might trust a US or European app is that there is at least some due process of law. It's pretty unlikely that the Chinese are concerned with the locations of children in

    • It's pretty unlikely that the Chinese are concerned with the locations of children in the US

      I think that depends on whose kid it is. Kids often travel with their parents, so turning them into tracking devices might be interesting. Especially with the trade war with the USA, some kids might be an interesting target.

  • by Anonymous Coward

    There is zero legitimate reason to put GPS on a child. The people who actually believe these devices can keep their children safe by keeping track of their location are the worst parents on the face of the planet. If you want to keep track of your kids, do it by actually keeping track of your fucking kids! Not putting a pedophile bait device on them. No kid under the age of 16 even needs a cellphone, let alone a stupid smart watch that doesn't even serve a real purpose for adults. They are complete gimmick
