SoylentNews is people

posted by Fnord666 on Tuesday October 13 2020, @01:23PM
from the hidden-features dept.

https://arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children's watches. The device, which sells for about $200, runs on Android and offers a range of capabilities

[...] [Norwegian security company Mnemonic's researcher, Harrison] Sand's suspicions were further aroused when he found intents with the following names:

  • WIRETAP_INCOMING
  • WIRETAP_BY_CALL_BACK
  • COMMAND_LOG_UPLOAD
  • REMOTE_SNAPSHOT
  • SEND_SMS_LOCATION

After more poking around, Sand figured out the intents were activated using SMS text messages that were encrypted with the hardwired key. System logs showed him that the key was stored on a flash chip, so he dumped the contents and obtained it—"#hml;Fy/sQ9z5MDI=$" (quotation marks not included). Reverse engineering also allowed the researcher to figure out the syntax required to activate the remote snapshot function.

"Sending the SMS triggered a picture to be taken on the watch, and it was immediately uploaded to Xplora's server," Sand wrote. "There was zero indication on the watch that a photo was taken. The screen remained off the entire time."


Original Submission
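
An added example, not part of the article or of Sand's research: a Python sketch of a defensive audit that lists components in a decoded AndroidManifest.xml whose intent-filter actions carry the intent names reported above, or that are triggered by incoming SMS. The sample manifest, the package and class names, and the extra keyword list are constructed assumptions; the article does not say where in the firmware the intent names were found.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Intent names reported in the article above.
REPORTED = {"WIRETAP_INCOMING", "WIRETAP_BY_CALL_BACK", "COMMAND_LOG_UPLOAD",
            "REMOTE_SNAPSHOT", "SEND_SMS_LOCATION"}
# Broader keyword heuristic: an assumption for this sketch, tune per audit.
KEYWORDS = re.compile(r"WIRETAP|SNAPSHOT|LOG_UPLOAD|EAVESDROP", re.I)
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest; package and class names are invented.
SAMPLE_MANIFEST = """<manifest package="com.example.watchservice"
    xmlns:android="http://schemas.android.com/apk/res/android"><application>
  <receiver android:name=".CmdReceiver" android:exported="true">
    <intent-filter android:priority="1000">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver>
  <receiver android:name=".RemoteOps"><intent-filter>
    <action android:name="com.example.watchservice.REMOTE_SNAPSHOT"/>
    <action android:name="com.example.watchservice.WIRETAP_INCOMING"/>
  </intent-filter></receiver>
  <receiver android:name=".Clock"><intent-filter>
    <action android:name="android.intent.action.TIME_SET"/>
  </intent-filter></receiver>
</application></manifest>"""


def audit_manifest(xml_text):
    """Return sorted (component, action, reason) tuples worth manual review."""
    findings = []
    for comp in ET.fromstring(xml_text).iter():
        if comp.tag not in ("receiver", "service", "activity"):
            continue
        name = comp.get(ANDROID + "name", "?")
        for action in comp.iter("action"):
            act = action.get(ANDROID + "name", "")
            short = act.rsplit(".", 1)[-1]  # drop the package prefix
            if short in REPORTED:
                findings.append((name, act, "reported-intent-name"))
            elif KEYWORDS.search(short):
                findings.append((name, act, "surveillance-keyword"))
            elif act == SMS_RECEIVED:
                findings.append((name, act, "sms-triggered-component"))
    return sorted(findings)
```

Receivers registered at runtime do not appear in the manifest, so a clean result here does not rule out SMS-triggered code elsewhere in the firmware.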

This discussion has been archived. No new comments can be posted.
  • (Score: 2, Funny) by Anonymous Coward on Tuesday October 13 2020, @01:36PM (4 children)

    by Anonymous Coward on Tuesday October 13 2020, @01:36PM (#1063968)

    The watch is marketed as waterproof and safe to wear in the bath

    • (Score: 5, Informative) by maxwell demon on Tuesday October 13 2020, @01:56PM (3 children)

      by maxwell demon (1608) on Tuesday October 13 2020, @01:56PM (#1063974) Journal

      I just found some (German language) offer for the watch in question. [smartwatch.de] One of the advertised properties is indeed:

      wasserfest, IP68

      The German word “wasserfest” indeed means waterproof. IP68 means safe from dust and from keeping under water for 30 minutes.

      Interesting are the following claims on the page:

      keine unbemerkten Bildaufnahmen möglich
      keine Abhörfunktion

      Translation:

      no unnoticed photo taking possible
      no wiretap function

      Well, apparently both claims are blatantly false.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 3, Insightful) by Rosco P. Coltrane on Tuesday October 13 2020, @02:03PM (1 child)

        by Rosco P. Coltrane (4757) on Tuesday October 13 2020, @02:03PM (#1063978)

        Not really:

        1/ It's not photo-taking, it's photo-stealing
        2/ it's wireless

        • (Score: 3, Informative) by maxwell demon on Tuesday October 13 2020, @05:30PM

          by maxwell demon (1608) on Tuesday October 13 2020, @05:30PM (#1064067) Journal

          2/ it's wireless

          The German word I translated doesn't actually refer to wires, but to listening.

          --
          The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by c0lo on Tuesday October 13 2020, @04:11PM

        by c0lo (156) Subscriber Badge on Tuesday October 13 2020, @04:11PM (#1064030) Journal

        Honest typo, I suspect. Should've been "kleine" instead of "keine" (grin)

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 5, Funny) by maxwell demon on Tuesday October 13 2020, @01:36PM (2 children)

    by maxwell demon (1608) on Tuesday October 13 2020, @01:36PM (#1063969) Journal

    It's sold as a watch for children. And it contains functionality to watch children. So it's performing as advertised. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 4, Touché) by leon_the_cat on Tuesday October 13 2020, @03:23PM (1 child)

      by leon_the_cat (10052) on Tuesday October 13 2020, @03:23PM (#1064016) Journal

      everyone is waiting for the touch edition.

      • (Score: 2) by corey on Tuesday October 13 2020, @10:48PM

        by corey (2202) on Tuesday October 13 2020, @10:48PM (#1064216)
        Well, not everyone.
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday October 13 2020, @01:46PM (4 children)

    by Anonymous Coward on Tuesday October 13 2020, @01:46PM (#1063970)

    All your "smart" devices are sending the info of you and your children to creepy and possibly evil people. Including the one I'm typing on now. Do people still not know this?

    • (Score: 3, Interesting) by Rosco P. Coltrane on Tuesday October 13 2020, @02:13PM (3 children)

      by Rosco P. Coltrane (4757) on Tuesday October 13 2020, @02:13PM (#1063979)

      It's worse than that: people know Big Data exploits rapes their privacy, IoT devices are as secure as a lamb in a wolf-only club, devices can take intimate pictures of them or their front door and send them to unaccountable companies, that their sensitive data is regularly "lost" by their government, hospital, social security... and they just don't give a flying fuck.

      • (Score: 2) by RS3 on Tuesday October 13 2020, @03:01PM (2 children)

        by RS3 (6367) on Tuesday October 13 2020, @03:01PM (#1064008)

        The sad and troubling thing, to me anyway, is that even when people are alerted to these things, they don't seem to care. News media should blast this information until much stronger privacy laws and criminal prosecutions for violators start happening.

        • (Score: 2) by Runaway1956 on Tuesday October 13 2020, @04:52PM (1 child)

          by Runaway1956 (2926) Subscriber Badge on Tuesday October 13 2020, @04:52PM (#1064041) Journal

          Consider for a moment that the news media is partner to the constant flow of data theft. Now don't you feel the tiniest bit silly?

          • (Score: 2) by RS3 on Tuesday October 13 2020, @05:37PM

            by RS3 (6367) on Tuesday October 13 2020, @05:37PM (#1064072)

            Oh look, a beautiful piece of cheese sitting here in the woods. I'm sure it's safe to pick it up- there couldn't be any kind of trap here at all. No sirree. :)

  • (Score: 2) by Rosco P. Coltrane on Tuesday October 13 2020, @02:01PM (1 child)

    by Rosco P. Coltrane (4757) on Tuesday October 13 2020, @02:01PM (#1063977)

    Don't think of the children, for once.

    • (Score: 3, Funny) by Gaaark on Tuesday October 13 2020, @02:18PM

      by Gaaark (41) on Tuesday October 13 2020, @02:18PM (#1063981) Journal

      I'm thinking whoever did this IS thinking of the children ALL THE TIME

      Someone needs some jail bait time.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 1, Troll) by legont on Tuesday October 13 2020, @02:20PM (1 child)

    by legont (4179) on Tuesday October 13 2020, @02:20PM (#1063982)

    Norwegian? This can not be true. There got to be evil Chinese and Russians here somewhere. Personally supervised by Putin.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 3, Insightful) by Freeman on Tuesday October 13 2020, @05:46PM

      by Freeman (732) on Tuesday October 13 2020, @05:46PM (#1064074) Journal

      Apparently, you didn't look at the article much. It's manufactured in China.

      Theoretically, the feature was something the company came up with on their own and they "forgot" to remove it. It's even most likely that's what happened.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 0) by Anonymous Coward on Tuesday October 13 2020, @02:23PM (5 children)

    by Anonymous Coward on Tuesday October 13 2020, @02:23PM (#1063984)

    Seems to be fully compliant with the 7-eyes: https://soylentnews.org/article.pl?sid=20/10/12/2122249 [soylentnews.org] Can we make a case that anyone advocating for this backdoor is a pedo?

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday October 13 2020, @04:18PM (4 children)

      by Anonymous Coward on Tuesday October 13 2020, @04:18PM (#1064033)

      Thinking about it, for the modern pedo, secret government branches are a much better place to be than the Catholic church. What's a confession chair against a full data hub tap. The church hasn't been untouchable for a century, but no government would allow a scandal to come to light where pedos have been secretly preying along their duties. Arsonists in the fire brigade are common - one might expect similar things here.

      • (Score: 0) by Anonymous Coward on Tuesday October 13 2020, @07:21PM (2 children)

        by Anonymous Coward on Tuesday October 13 2020, @07:21PM (#1064114)

        ..for the modern pedo, secret government branches are a much better place to be than the Catholic church..

        I invite you to search for the number of UK police who've been done on cheese pizza charges..especially the ones working as cheese pizza specialists..

        Oh, whilst you're at it, search on the numbers of members of various Protestant denominations who've been found partaking of the cheese pizza, the CofE is full of the, umm, buggers...
        I'll refer you to the actions of the peacefuls in the UK regarding these matters...
        Even the frigging Buddhists have been at it..

        I know it spoils that good old anti-Catholic narrative, seemingly beloved of USians and Evangelicals the world over, but open your eyes, don't let it blinker you, they're *all* fucking at it.

        • (Score: 0) by Anonymous Coward on Tuesday October 13 2020, @07:35PM (1 child)

          by Anonymous Coward on Tuesday October 13 2020, @07:35PM (#1064116)

          The Catholic Church takes the cake for shuffling around pedo priests, allowing them to avoid extradition, continue abusing children, or worse. Add in the semenaries and you have the perfect child fucking machine.

          • (Score: 2) by kazzie on Wednesday October 14 2020, @05:30AM

            by kazzie (5309) Subscriber Badge on Wednesday October 14 2020, @05:30AM (#1064370)

            semenaries

            Freudian slip, much?

      • (Score: 2, Interesting) by Ethanol-fueled on Wednesday October 14 2020, @12:12AM

        by Ethanol-fueled (2792) on Wednesday October 14 2020, @12:12AM (#1064262) Homepage

        I think there's more truth to this than just the paranoid aura of the comment. There was a widely-circulated report of CP problems within the Pentagon, including that which was purchased with government credit cards, but for some odd reason only 1 or 2 of the offenders were actually prosecuted for it. From an intelligence perspective, that presents a huge blackmail issue but apparently saving face (and/or maintaining any potential blackmail operation) was more important. It's a bit more difficult to find with searches nowadays and I'm too lazy to dig up the links.

        And it's why I'll never accept a security clearance even if offered one on the spot with no hassle -- because closed areas attract a lot of paranoid, short-tempered control freaks and other general weirdo types unpleasant to work with. Plenty of those folks are your S&M types who abuse hard drugs and are closet Antifa-supporters.

        Outside of the lower ranks of the military, closed environments are a lot like Scientology, full of unsettling creeps with the full litany of blackmail you filled in the application. And, thanks to Obama, access to all NSA data collected. So you start to see weird shit like (true story) people enlisting for intelligence jobs and then serving 4-year honorable tours of duty polishing doorknobs without ever receiving their clearance. Alternately, you see people with obvious foreign backgrounds and no previous clearance granted clearances in a month while most American candidates without previous clearance wait over a year.

  • (Score: 1, Informative) by Anonymous Coward on Tuesday October 13 2020, @02:35PM (4 children)

    by Anonymous Coward on Tuesday October 13 2020, @02:35PM (#1063990)

    Parents are the ones who want to keep tabs on their kids and this can often be confused with ‘spying’ because, well, it is only spying if it is not the parents doing the spying.
    Is probably a beta feature being worked on; find what your kids are doing anytime anywhere.

    • (Score: 2) by RS3 on Tuesday October 13 2020, @03:05PM (2 children)

      by RS3 (6367) on Tuesday October 13 2020, @03:05PM (#1064011)

      That might be true and okay if 1) company can guarantee the thing is UN-hackable, and 2) data will no longer be routed through nor stored on company's servers or anywhere else other than parents' computers / phones.

      • (Score: 0) by Anonymous Coward on Tuesday October 13 2020, @04:17PM

        by Anonymous Coward on Tuesday October 13 2020, @04:17PM (#1064032)

        Since it is stored on their server, can't we cue a kiddie porn raid? Planting the evidence should be easier than ever.

      • (Score: 4, Funny) by maxwell demon on Wednesday October 14 2020, @07:44AM

        by maxwell demon (1608) on Wednesday October 14 2020, @07:44AM (#1064393) Journal

        company can guarantee the thing is UN-hackable

        You want the company to guarantee that the UN can hack them? :-)

        --
        The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 0) by Anonymous Coward on Tuesday October 13 2020, @03:51PM

      by Anonymous Coward on Tuesday October 13 2020, @03:51PM (#1064025)

      Yes this is to protect child's. My career is an American and very busy sharing the left agenda for lunch. Nice to have this and know safety of child.

  • (Score: 1) by shrewdsheep on Tuesday October 13 2020, @04:37PM

    by shrewdsheep (5215) on Tuesday October 13 2020, @04:37PM (#1064039)

    The ignorance and shortsightedness of politicians knows no limits indeed. In the previous story backdoors were justified by the fight against child abuse and child pornography. This backdoor can be used to fuel the same and future backdoors will happily be exploited to similar ends.

    Of course, the reference to child pornography is a cheap decoy, the real motive is control of the population. Politicians need to be exposed for their deceptions. Some probably need to be educated that their support for something they do not understand is inconsistent in itself and they have been tricked by their law enforcement/secret service.
