WatchOut
Analysis of smartwatches for children
October 2017

Content

Summary
Critical security flaws
A false sense of security
Lack of respect for consumer rights
Chaotic market
Summary of terms
Analysis of smartwatches for children
Methodology
Features of the devices
Gator 2
Tinitell
Viksford / the SeTracker family of smart watches
Xplora
Functional security
Phone features
Personal data
Consent
Changes in user terms
Purpose limitation
Deletion
Security in processing and storage
Other problematic issues
Conclusion
Company establishments in Europe/Norway selling the various smartwatches
User terms
Analysis of smartwatches for children

Summary

As a part of our work on the Internet of things, the Norwegian Consumer Council (NCC) has analyzed consumer rights in four smartwatches for children. These devices were all bought in Norwegian stores, and are called Gator 2, Tinitell, Viksford, and Xplora.

These smartwatches for children are wearable mobile phones that allow parents to use an app on their smartphones to keep in touch with and track the location of their children. Since the main purpose of these devices is to give parents peace of mind while their children play freely outside, we see it as crucial that they maintain adequate security and privacy standards.

The project consists of two parts: an analysis of the features of the apps/devices and the accompanying user terms, presented in the WatchOut report, and a technical report commissioned by the NCC and produced by the IT security company Mnemonic.

Devices that use the Internet to allow real-time location tracking of, and direct communication with, young children, and which store names, photos and continuous and historic geolocation data, should have strong safeguards in place. This entails not only a high level of security to avoid unwanted access, but also a robust framework to ensure that data protection laws and the privacy rights of children are respected and upheld. Three out of the four watches that were analyzed fall short in both respects.

Critical security flaws

The tests done by Mnemonic have uncovered critical security flaws in three of the apps and devices. As detailed in Mnemonic's report, two of the devices have flaws which could allow a potential attacker to take control of the apps, thus gaining access to children's real-time and historical location and personal details, as well as even enabling them to contact the children directly, all without the parents' knowledge. Additionally, several of the devices transmit personal data to servers located in North America and East Asia, in some cases without any encryption in place. One of the watches also functions as a listening device, allowing the parent or a stranger with some technical knowledge to audio monitor the surroundings of the child without any clear indication on the physical watch that this is taking place.

A false sense of security

We have also found that the advertised safety-enhancing features, such as an SOS button that alerts the parents if the child is in distress, and a geofencing function that sends an alert whenever the child enters or leaves a designated area, were unreliable. In practice, this means that the device might in fact provide a false sense of security. This is especially disconcerting since the smartwatches are meant to provide peace of mind for the parents who purchase the devices.

Lack of respect for consumer rights

Inadequate and unclear user terms deny consumers their basic consumer and privacy rights when engaging with these products. Only one of the services actually asks for consent to data collection, none of them promise to notify users of any changes to their terms, and there is no way to delete user accounts from any of the services. At least one of the companion apps (Xplora) also allows children's personal data to be used for marketing purposes, while the other three are unclear about how this information may or may not be used. Additionally, one of the services (Gator) transmits children's location data to China unencrypted. Together, these issues constitute several breaches of European data protection and consumer protection laws.

Chaotic market

Additionally, the abundance of smartwatches for children available internationally, with cheap Chinese products being imported and rebranded by a vast number of local retailers, makes it difficult to obtain a clear picture of who is responsible for the various products. For example, several different smartwatches for children use the same app as the Viksford watch, the SeTracker app. Some of these devices are seemingly identical to Viksford, but are sold under different names on a worldwide basis. As far as we can tell, all the watches using the SeTracker app have the same security and privacy vulnerabilities as the Viksford.

Overall, we have uncovered many serious problems with smartwatches for children. It seems clear that consumers currently should think twice before purchasing these or similar devices. The findings also serve to illustrate the emerging problems facing consumers in the world of connected devices, and the need to make sure that product safety regulations also apply to products with digital components.