With the help of smart watches, the location of the child can be monitored not only by his parents, but also by malefactors, found out in Doctor Web. The company found a Trojan in the firmware of popular Elari models, and also found out that many smartwatches use a standard password by default to send commands via SMS. Fraudsters can combine such watches into chatbots or use them to spy and blackmail parents, experts say. The watch developers themselves claim that their products do not carry any risks to users.

The safety of children’s smart watches, which are sold in Russia, is at a very unsatisfactory level, the Doctor Web company told Kommersant. For example, the Elari Kidphone 4G smart watch transmits data about the location of the child to its own server located outside of Russia, the company explained. Also, they specified there, a Trojan is hidden in them, which can be used for cyber espionage, displaying advertisements and installing unnecessary and even dangerous programs. According to the M.Video-Eldorado group, Kidphone 4G watches are among the three most popular models in 2021.

Firmware for smartwatches running the Android operating system is often created by third-party companies, and it is highly likely that at one of the stages of production, attackers can inject Trojan or adware into them, explains Doctor Web.

In addition, the firmware of many watches, including the Russian Wokka Lokka, has another problem: they use a standard password for sending SMS commands and there is no function to force it to change when it is turned on for the first time.

Knowing the phone number of the SIM card installed in the watch and using a known password, a potential attacker will be able to gain control over the device and access all the information that the watch collects, the company explains: “For example, he will be able to access data on the location of a child.” If an attacker sees that a child is out of reach, he can send an SMS from an unfamiliar number to his parents that he is in trouble and urgently needs money, says Daniil Chernov, director of the Solar appScreener center at Rostelecom-Solar. Doctor Web has notified manufacturers of vulnerabilities.

Elari’s product director Anton Badayev confirmed to Kommersant that the appeal had been received, but the company did not provide the research methodology. He claims that Doctor Web’s claims are untrue.

“There is no browser on the watch, so the child cannot access the Internet, receive no advertisements and cannot install any application that is presented as a virus. Third-party developers also cannot install anything on them, ”explained Mr. Badayev.

Servers outside the country are needed to determine a more accurate geolocation and do not use personal data, he argues.

Cybercriminals are unlikely to be interested in intercepting data from the watch, usually their goal is to obtain financial gain, says Viktor Chebyshev, cybersecurity expert at Kaspersky Lab. However, according to him, they can combine such clocks into a botnet that will send and receive SMS or “wind up” clicks: “That is, the device itself will“ walk ”through web pages on command from the control center, and each click will bring a certain amount to the owner of the botnet. ” Such functionality, says Mr. Chebyshev, is in demand on the black market.

To enter the smartwatch market, it is enough to purchase ready-made hardware and order software development, says Daniil Chernov. Considering that the main instrument of competition for brands without a world name is the low cost of a gadget, manufacturers do not invest in security, thereby reducing costs, he believes.

According to M.Video-Eldorado, the average bill for children’s smart watches is about 3 thousand rubles. This year, their sales are up 40% in terms of quantity and 42% in value.

In just nine months, the total sales of wearable devices (smart watches and fitness trackers) in Russia reached about 4 million units and 35 billion rubles. Nikolay Petrov, head of the digital technology purchasing department at Citylink, notes that children’s smart watches are especially popular because they help parents to be confident in their child’s safety.

Yulia Stepanova