According to a recent report, nearly all GPS-enabled smartwatches share a cloud platform developed by the Chinese white-label electronics maker Thinkrace, which is one of the largest manufacturers of location-tracking devices.
The popular platform works as a back-end system for GPS-enabled devices, storing and retrieving locations and other device data.
One relabeled child tracking smartwatch let parents and their kids talk to each other, like a walkie-talkie. But the voice snippets were recorded and stored on an insecure cloud. There were millions of voice snippets stored for anyone to access.
— Zack Whittaker (@zackwhittaker) December 18, 2019
More: https://t.co/H5rMmvVYIo pic.twitter.com/5WX6e1zFfm
The problem is, the company does not only sell these child-tracking watches to parents who want to keep tabs on their children. Thinkrace also sells them to third-party businesses, which then repackage and relabel the devices with their own branding to be sold on to other consumers.
PWNED: Smart watches worn by tens of millions of children could be leaving their location information and voice messages vulnerable to hackers...
The watches are made by Chinese firm Thinkrace, which manufactures watches for several different companies. https://t.co/HpZgmRVDSA— RR Apple (@RRalstonAgile) December 19, 2019
Tech experts say that the commands that control the devices do not require authorization and the commands are well documented, allowing anyone with basic knowledge to gain access and track a device.
Due to the fact that there is no randomization of account numbers, experts found they could access devices in bulk simply by increasing each account number by one.
that’s a big yikes from me
— Foo ?????️?? (@foofoxtweets) December 18, 2019
horrifying.
— Misneach (@saint_justice) December 18, 2019
Since the story broke the internet, parents began having second thought about buying these seemingly convenient smartwatches for their children.
when I looked into them from the app side, every one of them was awful and almost certainly cobbled together as cheaply as possible
— Will Strafach (@chronic) December 18, 2019
