Low-end Smartwatches Become Privacy Peepers, Posing Risks to Children

Consumer Discretionary | Author: EqualOcean News, Xiangru Chen | Editor: Tao Ni | Mar 17, 2022 11:13 AM (GMT+8)

By embedding enticing yet insecure programs in children's smartwatches, engineers can easily access the user's location, call history and even real-time conversations, jeopardizing users' privacy and security.

Heavenly King Watch

According to an investigation by China’s state-owned media, one of the best-selling children's smartwatch brands was found to have embedded malware disguised as a lottery game, meant to lure unsuspecting underage users.

Reports from China Central Television (CCTV), a state broadcaster, showed that the malware operators could gain remote control of the watch after luring children to scan a QR code and play the game.

Every time a child makes a lottery draw, the program automatically sends out critical information stored in the watch, such as real-time location, address book, call history and even conversations.

This allows the malware operator to monitor the child's movement without interruption and know his or her physical range of activity with ease.

Nonetheless, the CCTV report somehow didn’t name the smartwatch brand, whose sales topped 100,000 units on e-commerce platforms.

Media reports revealed that the outdated Android 4.4 operating system in the watches is chiefly to blame, as it grants whatever permission an app requests without user authorization.

The smartwatch manufacturer chose operating systems over 10 years old to minimize costs, at the expense of user security, bringing unimaginable potential consequences to consumers, said the report.

Other low-end smartwatches tested for the “315” gala, a consumer rights TV show aired on March 15 every year, were also criticized for a spate of problems.

A children's smartwatch equipped with Android 9, a relatively new operating system, would show a pop-up message to request permission at the time of installing an app.

However, once the authorization was rejected, the app would crash and refuse to provide any service, forcing consumers to forgo privacy in exchange for the service.