The Norwegian Consumer Council recently observed that several children’s smartwatches featured security flaws, unreliable safety features and a lack of consumer protection.
Sellers of children’s’ smartwatches are being referred to the Norwegian Data Protection Authority for breaching EU’s Data Protection Directive.
In a scathing observation on importers and retailers of children’s smartwatches that fared poorly on security parameters, the Norwegian Consumer Council said that by selling such devices, such people were placing children at risk rather than making them safer which they claim to do.
The Council tested several children’s’ smartwatches in conjunction with security firm Mnemonic, following which it announced that it is referring the manufacturers to the Norwegian Data Protection Authority for breaching EU’s Data Protection Directive as well as the Directive on unfair terms in consumer contracts.
‘It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly. Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist,’ said Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council.
The Council also noted that despite such findings and the fact that such firms were warned about their products on the market, the watches are still being actively promoted across Europe.
Critical flaws in smartwatches for children
After testing some children’s smartwatches, the Council concluded that they feature critical security flaws that allow hackers to take control of a watch, track it, and use it to communicate with a child. Since data transmitted by such smartwatches are not encrypted, hackers can even make it look like a child is somewhere it is not.
At the same time, the authorities noted that apps associated with such smartwatches lacked terms and conditions, and users couldn’t even delete their data or their accounts from such devices. The SOS and alerts functions were also unreliable and hence endangered a child’s security.
‘As smart devices permeate all aspects of our lives, the burden of properly securing them must fall squarely on product manufacturers, software developers and network providers. After all, it makes sense that those developing and profiting from smart tech should be held responsible for ensuring that their products and services pose no risk to end user security or privacy; especially when children are involved,’ says Thomas Fischer, Global Security Advocate at Digital Guardian.
‘What we really need to see is far more stringent rules to force manufacturers to build security into their devices. Part of the responsibility also lies with the network providers. These companies control the updates, configuration settings and network access for such devices and it is therefore important that they are taking measures to monitor this,’ he adds.