February 5, 2019 (updated 23 Dec 2019 10:18am)

Child-tracking smartwatch recall shows why IoT security shouldn’t be an afterthought

The EU has recalled a smartwatch over concerns that a security flaw could let a malicious user locate children wearing the watch, highlighting the danger of manufacturers rushing internet-connected devices to market without paying due diligence to IoT security.

By Robert Scammell

The recalled product is Safe-KID-One and is made by German electronics vendor ENOX. It is designed to help parents contact and locate their children, as well as providing an emergency call function.

The smartwatch recall was published last week in a RAPEX (Rapid Alert System for Non-Food Products) alert that was picked up by Dutch news site Tweakers.

The European Commission’s RAPEX alert stated:

“The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed.

“A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.”

It added that the product does not comply with the EU’s Radio Equipment Directive, a regulatory framework that includes protecting privacy and personal data.

The ENOX watch was designed to help parents keep their children safe. Credit: European Commission

Smartwatch recall: “Businesses need to build security in at the core”

Cesar Cerrudo, CTO at ethical hacking company IOActive, said that the smartwatch recall shows the dangers of rushing an IoT device to the market “without proper consideration of privacy”.

The global number of IoT devices currently stands at around 23 billion and is expected to rise to over 40 billion by 2022, according to Statista.

As the number of devices increases, so too does the scope for malicious actions – especially if security is not built in from the start.

“We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly,” added Cerrudo.

“While they may get the upper hand in beating the competition to get products to market, they lose out in the long run.

“Fines and the reputational damage – and in this case product recalls – can have a huge impact on revenues and consumer trust. Businesses need to build security in at the core of their solution, during the design phase, not as an after-thought.”

In October last year, the UK government launched a voluntary code of practice to encourage manufacturers to improve the security of IoT devices.

