FTC Asked To Investigate Hackable Kids' Smartwatches

The Norwegian Consumer Council and Mnemonic, a security company, revealed that several brands of smartwatches made for children are easily hackable. In response to these findings, U.S. privacy groups have asked the Federal Trade Commission (FTC) to investigate the products' makers.

These watches are equipped with GPS capabilities that are supposed to let parents keep track of their children's locations. The Norwegian Consumer Council and Mnemonic tested the security of four of these watches; three had serious flaws. Mnemonic said in its announcement that the vulnerabilities are "not technically difficult to exploit, and in two cases, allow a third party to covertly take control over the watch."

Taking over these watches, or merely peeking at the location data they gather, could endanger children. That's the exact opposite of what these devices are supposed to do. Quoth the Norwegian Consumer Council in its own press release on the findings:

“It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly,” says Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council. “Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist.”

Yet at this point, the fact that these watches are easily compromised shouldn't come as a shock to anyone. Here's the common sequence of events: An internet-connected product is released, purchased by a bunch of people, and then hacked. It's gotten to the point where the FBI warned parents not to buy internet-connected toys without vetting them first, and Mattel preemptively canceled a kid-focused IoT device called "Aristotle."

There were more concerns about some of the devices. In addition to putting children's data at risk of being hacked, several of the companies' terms and conditions violate the Norwegian Marketing Control Act and the Personal Data Act by not allowing accounts to be deleted, or they were simply lacking terms and conditions. That means the data collected by these watches is just waiting to be abused to suit the companies' own purposes.

That's why the Electronic Privacy Information Center (EPIC), The Center for Digital Democracy, and other U.S. privacy groups asked the FTC to investigate the Norwegian Consumer Council and Mnemonic's findings. In a letter, the groups said "this is a real risk to children's safety" and urged the regulator to be more proactive in protecting kids from companies like this.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • JonDol
    "These watches have no place on a shop’s shelf"

    I always said that crap shouldn't be on any store shelves no matter how cheap it is.
    For this reason I prefer to buy things from a local retailer/e-tailer instead of buying them somewhat cheaper directly from aliexpress or similar since serious retailers filter out the crappiest quality. I no longer look to see if the same product is cheaper on aliexpress than on the retailer's web site because that extra the retailer is asking, is a fair price to pay for his effort to filter out the lowest quality.
    did I see a "quoth" in there?

    defective verbs...nevermore ;)
  • sinewave242
    Tracking... tracking everywhere. Isn't this one a bit over the top? Tracking via GPS just ticks me off... It's a big privacy concern.