EU Orders Recall of Children's Smartwatch Over Severe Privacy Concerns (zdnet.com)
An anonymous reader quotes a report from ZDNet: For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue. The product is Safe-KID-One, a children's smartwatch produced by German electronics vendor ENOX. According to the company's website, the watch comes with a trove of features, such as a built-in GPS tracker, built-in microphone and speaker, a calling and SMS text function, and a companion Android mobile app that parents can use to keep track of and contact their children. The product is what most parents regularly look for in a modern smartwatch, but in a RAPEX (Rapid Alert System for Non-Food Products) alert published last week and spotted by Dutch news site Tweakers, European authorities ordered a mass recall of all smartwatches from end users, citing severe privacy lapses. "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data," said authorities in the RAPEX alert. "As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed." On top of this, authorities also said that "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."
privacy? How about safety? (Score:2)
That "feature list" / "bug list" sounds like a predator's wet dream.
Re: (Score:1)
The RAPEX alert is a safety alert.
Re: privacy? How about safety? (Score:1)
Still waiting for an explanation of how you get "RAPE-X" out of that word salad.
Re: (Score:2)
Presumably it wasn't named in English. Like how we get SI units from "International System of Units" (from the French Le Système International d'Unités). That's
"trove" of features (Score:2)
a trove of features, such as a built-in GPS tracker, built-in microphone and speaker, a calling and SMS text function,
So like a phone except you cannot airdrop dick pics?
Re:"trove" of features (Score:4)
So like a phone except you cannot airdrop dick pics?
Is that a challenge?
Hold my beer.
Is that all? (Score:2)
Re: (Score:2)
Won't the company be punished for massive privacy violations? In other words: can any other company do the same thing tomorrow and totally get away with such sloppy security? If it is your trade, ignorance is not an excuse. A company that sells communication devices must know how to secure them.
I'm a little curious about the "massive" privacy violations. Are we talking security holes that require years of brute force to break, or something that can be hacked in seconds by a script kiddy? Based on the article saying the data is unencrypted, it seems like the latter.
Re: (Score:2)
From the summary:
So I'd say we are talking about backend data that can be hacked in seconds. Except "unauthenticated access" suggests no real hacking is required. That is a huge privacy concern. Fu
Not even half-assed security (Score:2, Insightful)
How hard is it to use https and prepared statements? (I work in a small company and use prepared statements to prevent accidental SQL injection from a stray quote or similar) Why is the history data editable? Did they just give the app access to the database connection?
Re: (Score:2)
It is a German Company.
Germans are Good Engineers.
Engineers are really bad programmers.
Obvious trolling aside....
Like most commercial software products (built anywhere in the world) business owners want to get the product out the door as fast as possible. And will often rush to release the prototype software as the full live feature. I know by experience that it is very tough to convince executives that while your prototype works and shows off all the features, it will take a few months more of development
Re: (Score:2)
They love to over engineer.
Re: (Score:1)
Oh, it's far worse than that ...
This is straight up "we hired some guy in China who clearl
Re: (Score:2)
The answer to this is simple: Making something work is easy. Making something work securely is hard. Something that's hard to implement takes good engineers. Good engineers cost more money.
Need I go on or is the wall the train of thought is about to hit obvious?
Re: (Score:3)
China doesn't give a fuck about anything. There is one thing China is really good at: Making millions of copies from a design. What they're really NOT good at is designing themselves. Twice so if it's 100% for a foreign market, they don't give even half a shit about anything that doesn't end up in their own country.
Much like everyone else, when you think about it...
Re: (Score:2)
China doesn't give a fuck about anything. There is one thing China is really good at: Making millions of copies from a design. What they're really NOT good at is designing themselves.
I'd say engineering, not designing. For example, China is said to have great automotive designers now. Sure, until fairly recently they just copied everyone else, but not any more.
German admins/developers (Score:2)
"The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data"
"I was just following orders!"
Re: (Score:2)
You're so 1940. Germany 2020 is more akin to "Yes, we COULD of course do that but that costs more. Is there a law that makes us? No? Is there a lawsuit pending if we fuck up? No? Then why the heck are you bothering us with such petty nonsense?"
German manufacturer? (Score:3)
I thought the watches are already banned in Germany since their law identifies them as covert surveillance devices (which are illegal in Germany... unless you're the government, of course)?
But it's about effin' time these security nightmares get outlawed. Dear helicopter parents: Fuck you.
Re: (Score:1)
At least our children's privacy is protected when another little girl ends up getting raped in a refugee shelter. Thank god our government has their priorities straight!
Re: (Score:2)
I agree. Guess what, nobody gives a fuck about someone else's kids. I'm already hard pressed giving one about the ones we already have here.
More big government (Score:2, Funny)
Oh look big (huge) EU government interfering in the free market. This will solve nothing that the free market won't solve much better.
RAPEX spotted by tweakers (Score:2)
Huawei (Score:1)
See? That wasn't so hard to figure out from a technical standpoint. It didn't even require the resources of a nation-state to determine what was happening with the data and how easily the spyware, data-harvesting device could be accessed (note: nearly everything nowadays is a spyware, data-harvesting machine).
Instead, we continue to get Smoke & Mirrors with lots of political grandstanding and a "news media" simply parroting the same message with click-baity headlines. The military-industrial-media complex
Other kids watches... (Score:2)
My son got such a watch for Christmas, and upon opening it and trying to read the Engrish, and finding an app that has to be sideloaded by downloading the APK from a web site... I got too skeeved out. Maybe I am just xenophobic. There's nothing inherently wrong with a Chinese app -vs- a Russian app -vs- a British app. The only reason I might trust a US or European app is that there is at least some due process of law. It's pretty unlikely that the Chinese are concerned with the locations of children in
Re: (Score:2)
It's pretty unlikely that the Chinese are concerned with the locations of children in the US
I think that depends on whose kid it is. Kids often travel with their parents, so turning them into tracking devices might be interesting. Especially with the trade war with the USA, some kids might be an interesting target.
These devices need to be illegal. (Score:2, Informative)
There is zero legitimate reason to put GPS on a child. The people who actually believe these devices can keep their children safe by keeping track of their location are the worst parents on the face of the planet. If you want to keep track of your kids, do it by actually keeping track of your fucking kids! Not putting a pedophile bait device on them. No kid under the age of 16 even needs a cellphone, let alone a stupid smart watch that doesn't even serve a real purpose for adults. They are complete gimmick