Child-Tracking Smart Watches Vulnerable to Attacks

MiSafe, a smartwatch that allows parents to communicate with and track their children, is extremely vulnerable to attacks, according to security researchers. Personal information like children’s photos, identification information, and locations is at risk of being hacked.

Hackers can easily access MiSafe watches

Ken Munro and Alan Monie, researchers at Pen Test Partners, found that accessible PC software could mimic the app’s communications, allowing hackers to easily change the ID number and access accounts.

“It’s probably the simplest hack we have ever seen…I wish it was more complicated. It isn’t,”

said Munro of the MiSafe watches. Not only can hackers access the device’s data, but they can also change the settings so the watch accepts calls from unauthorized parties. On top of that, the researchers were able to change the caller ID number so hackers could pretend to be the children’s parents.

Although 14,000 unsafe MiSafe watches are in use, MiSafe hasn’t taken any action to recall their watches. Some consumer groups like the Norwegian Consumer Council (NCC) have publicly admonished insecure devices like the MiSafe watches. “This is another example of insecure products that should never have reached the market,” said Gro Mette Moen, the NCC’s director of digital services. Meanwhile, eBay has banned sales of the MiSafe watch due to their security breaches. Despite this response from both public and private sectors, the MiSafe manufacturer and its China-based supplier have not responded to interview requests from the BBC or addressed their security issues.

As advances in technology leave consumers vulnerable to attacks, federal and state laws must play a game of catch up. Currently, only one state has any laws regarding the cybersecurity of connected devices. At the end of September, California passed law SB-327, which requires manufacturers to embed their devices with security features, largely pre-programmed passwords or two-factor authentications. However, it won’t go into effect until January 1, 2020. As most people with connected devices aren’t aware that data is shared across multiple devices, according to a survey from market research company Clutch, many are left vulnerable to attacks.

Aliza Vigderman

Aliza Vigderman

Aliza is a journalist living in Brooklyn, New York. Throughout her career, her work has spanned many intersections within the tech industry. At SquareFoot, a New York-based real estate technology company, she wrote about the ways in which technology has changed the real estate industry, as well as the challenges that business owners face when they want to invest in property. At, an education technology website, Aliza created digital content for lifelong learners, exploring the ways in which technology has democratized education. Additionally, she has written articles for The Huffington Post as well as her own content on Medium, the online publishing platform. Aliza’s love of journalism and research stems from the excellent Journalism program at Brandeis University. At Brandeis, Aliza interned as a research assistant at the Schuster Institute for Investigative Journalism, a non-profit “news room without walls”. There, Aliza was paired with an investigative journalist and used academic databases to obtain data on everything from the suicide rates in Bhutan to local Boston court cases. Her last position was as an account executive at Yelp, educating business owners on the power of technology to increase revenue. Throughout, however, her heart remained with tech journalism, and she’s thrilled to be writing for Security Baron. When she’s not keeping afloat of the latest tech trends, Aliza likes to cook, read, and write. A former high school “Class Clown,” Aliza has completed two feature-length screenplays, a pilot, and countless comedic sketches. On her days off you can find her relaxing in Prospect Park, trying the latest flavors at Ample Hills Ice Cream, and spending time with friends and family.

Trending News

Follow Us