A Chinese-made smartwatch designed for tracking children’s location seems to have a serious security flaw. The SMA M2 smartwatch that is supposed to keep children safe by allowing parents to track them and even have two-way conversations, is leaking the location of over 5000 kids to other sources, reports ZDNet.
The watch is still available in the market in spite of all the major security issues. AV-Test, which spent two years testing the security of smartwatches for children, was able to find the location of a large number of wearers and identify around 10,000 accounts of their parents. The team used a publicly-available API to access the web IDs, just like the smartwatch’s web app that parents use to check the location of their children. The API revealed the location, device type, SIM card and IMEI numbers of the parents’ smartphone. The danger is that someone could use the API to pair their device with a child’s watch. They could then track the child on a map, or they could even start voice chatting with the child.
“The Chinese SMA-WATCH-M2 tops the security failures of other manufacturers by far,” said Maik Morgenstern, CEO and Technical Director of AV-TEST. Most of the devices are in central and western European countries such as Poland, Turkey, Germany, Spain, and Belgium. The SMA Smartwatch M2 is still widely available with online retailers.