The child-tracking smartwatch MiSafes is surprisingly easy to hack. One security researcher discovered that the smartwatches have failed to encrypt or secure the user’s data. This allows hackers to easily access the child’s personal information, including their photos, their location, and their parents’ phone numbers.
MiSafes’ first became available on the market in 2015. It tracks children using its own global positioning system, as well as a 2G mobile data connection. The smartwatch is designed to let the child’s parents see where their child is at all times via a convenient smartphone app. It also permits parents to establish a “safe zone,” to be notified if their child has left the zone, and to listen in on their child’s activities at any time.
However, MiSafes’ can easily be hacked to reveal the child’s location, to listen in on them, and to call them under the guise of their parents’ phone numbers due to its limited security measures. Ken Munro and Alan Monie of Pen Test Partner’s tested the smartwatches’ security limits using readily accessible PC software to imitate the app’s communications. Munro and Monie were able to use the software to change the device’s ID number, which granted them entry into other users’ accounts.
Through their simple hack, Munro and Monie were able to view MiSafes’ registration data, which includes the child’s photo, name, gender, birth date, height, weight, parent’s cell phone numbers, and the Sim card’s phone number. Munro and Monie told BBC that “it’s probably the simplest hack we have ever seen.”