News

Security company finds another leak that gives access to data from children’s smartwatches

By admin
Spread the love

A security company has found another leak that gave attackers access to the data of tens of thousands of children’s smartwatches. It turned out to be possible to log into the web portal of a manufacturer of children’s watches as an admin.

By changing the value for ‘User(grade)’ from 1 to 0 in the post-request when logging in, users were given access to the admin environment of children’s smartwatch maker Gator, PenTestPartners reports. Subsequently, after a small change, it turned out to be possible to view the data of 35,000 smartwatches of children with 20,000 accounts. There was no check in the backend whether a user should have admin rights.

According to the security company, the same backend is used by several smartwatch makers. The maker of the smartwatches initially did not fix the leak, but closed the security company’s test account. In the second instance, a fix for the leak was released within a few days.

The app now makes contact with the server via a secure connection, something that was not OK before. Despite this, the security company is sticking to the previous advice not to buy a cheap smartwatch for children, because the security does not seem right across the board. It is not the first time that the backend appears to contain major vulnerabilities. The company previously found exploits in 2017.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Senate adopts bill to make doxing a punishable offense

News

Apple withdraws Rapid Security Response security update for WebKit vulnerability

News

European Commission adopts successor to Privacy Shield data transfer treaty

Exit mobile version