Watch CBS News

Kids' smartwatches sold on Amazon can be hacked

Smartwatches for kids on Amazon can be hacked
Smartwatches for kids on Amazon can be hacked 01:18

Thinking of gifting your kids a smartwatch this holiday season? You might want to check that list again. Smartwatches for children that were purchased on Amazon are vulnerable to hackers, allowing them to track and even communicate with children, according to cybersecurity research firm Rapid7. 

Although there are dozens of smartwatches geared to kids, researchers randomly chose three devices on which to focus: Children's SmartWatch, G36 Children's Smartwatch and SmarTurtles Kid's Smartwatch

The brightly hued watches let parents monitor children's whereabouts as well as eavesdrop on them through the built-in camera and microphone. 

"Our smartwatch for kids has a remote camera and voice monitor that lets you know what your kid is doing any time of day," reads the description for one device. "Simply dial the number and the smartwatch for boys will automatically answer, letting you secretly watch and hear what your kid is doing." 

But while the ability to track their children may give parents ease of mind, analysts discovered the devices are poorly secured. Hackers who are able to figure out the watches' default passwords, typically a six-figure numerical pin that reads "123456," can easily access the phones to configure settings so they are the ones able to eavesdrop on users.

Making matters worse is that the devices lack clear instructions for changing passwords, according to Rapid7.

Parents concerned internet-connected toys put kids' privacy at risk 03:06

The smartwatches also come with "filters" so that, in theory, only parents' phone numbers can be used to communicate with the devices and configure settings, like toggling the "SOS" alarm button on or off. But researchers said the security measure was faulty. 

"The filter was not working," Deral Heiland, the Internet of Things research lead at Rapid7, told CBS MoneyWatch. "Literally, any stranger could communicate with a smartwatch." 

Apart from the watches' weak security, researchers also pointed out the lack of transparency from "white label" vendors that put their logos on products that originated from separate services. Researchers found that many smartwatches, listed on Amazon under different storefronts, actually came from the same manufacturer in China, which could explain why the devices have similar security issues. 

Researchers found that two of the three brands did not operate separate websites for their devices, and none of the three listed privacy policies. 

As a solution, Rapid7 urged parents to purchase smart devices that come from recognized brands with clearly disclosed privacy policies.

"Security problems are going to come up," Heiland said. "They're not uncommon. But companies that have a brand to protect have better policies around patching and technology, so that when researchers like us do find something, those companies are more responsive to fixing things quickly." 

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.