The bottom line is that these watches (including but not limited to brands Gator, Tinitell, and Xplora) have NO security in their database and allow ANYONE to access ANY USER'S DATA without having to log in. This is a year after a Norwegian government report on this, and NOTHING HAS BEEN IMPROVED. This is perhaps the worst example of a saying I frequently roll out: security wasn't an afterthought, it wasn't thought of at all.the Norwegian Consumers Council published the excellent ‘WatchOut’ research that demonstrated trivial access to kids GPS locations through vulnerable tracker watches, including the Gator.It received plenty of press coverage and resulted in several kids tracker watches taking swift action to secure their systems.A year on, we decided to have a look at the Gator watch again to see how their security had improved as a result of their actions.TL; DR
Guess what: a train wreck. Anyone could access the entire database, including real time child location, name, parents details etc. Not just Gator watches either – the same back end covered multiple brands and tens of thousands of watches
In short, if you think it's really cool to be able to know where your kid is at any given moment, realize that Joe Blow can do it, too. And the watch company simply doesn't give a damn.
My recommendation is to throw the damned things into the garbage to keep someone from accidentally using it in the future.
No, the watch companies do give a damn. But their actual customers are not the people who buy them for the children. It is the people who buy the data to track trends and individual children for economic or other reasons.
ReplyDeleteLike those talking spy machines people buy from Google and Amazon... Paying for the privilege of being spied and controlled.
Gator, meet 5 lb sledge!
ReplyDeleteExcellent point! And had my daughter dump the one she gave my grandson.
ReplyDelete