FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
EwDoor botnet targets AT&T network edge devices at US firms
Android banking malware infects 300,000 Google Play users
Finland warns of Flubot malware heavily targeting Android users
Planned Parenthood LA discloses data breach after ransomware attack
Emotet now spreads via fake Adobe Windows App Installer packages
Former Ubiquiti dev charged for trying to extort his employer
Bulletproof hosting founder imprisoned for helping cybercrime gangs
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Kids smartwatch
Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.
The analysis demonstrates that most of these devices arbitrarily collect and periodically transmit sensitive data to remote servers without the user knowing about it.
This finding is worrisome as these devices quickly grow in popularity, with parents purchasing them to monitor their children’s location and activities.
The research was conducted by the Dr. Web antivirus team, which looked into Elari Kidphone 4G, Wokka Lokka Q50, Elari FixiTime Lite, and Smart Baby Watch Q19.
These are all Android-based smartwatches that are very popular in Russia, and their prices cover a wide range of costs.
Dr.Web found that the Elari Kidphone 4G smartwatch has three hidden modules that transmit data to a central location and receive remote commands.
By default, this communication occurs every eight hours, but this can be easily adjusted to a different interval.
The transmitted information includes SIM card info, geolocation data, device info, phonebook contacts, installed apps list, SMS count, and phone calls history.
Dr. Web is concerned that these hidden modules in the Elari Kidphone 4G can be used to install malicious apps, download, install, run, or uninstall apps, and also display ads, all without the owners knowing about it.
“Thus, Android.DownLoader.3894 hidden in this watch can be used for cyber espionage, displaying ads, and installing unwanted or even malicious apps,” Dr. Web states in their research.
The most inexpensive choice is the Wokka Lokka Q50, which costs around $15 and is quite popular as an almost disposable item.
However, the researchers discovered that the watch has a weak default password (‘123456’), and all data transmitted between it and the Russia-based server is unencrypted.
This makes man-in-the-middle attacks very simple to carry out, enabling threat actors to request GPS location via SMS, listen to the wearer’s surroundings remotely, or even change the C&C server address to one under their complete control.
In the case of the Elari FixiTime Lite ($50) and the Smart Baby Watch Q19 ($25), the situation is mixed.
Elari FixiTime Lite transmits sensitive data such as GPS coordinates, voicemails, and photos using the unencrypted (HTTP) data transfer protocol. This unencrypted protocol enables man-in-the-middle (MiTM) attacks that allow attackers to listen in on transmitted data.
While the Smart Baby Watch Q19 uses a weak default password (‘123456’), Dr. Web says the commands that can be used are significantly reduced, making it not much of a risk.
Parents should be cautious when buying a cheap smartwatch for their children due to the inherent risks of Internet-connected gadgets, especially when it allows tracking a child’s location.
Bleeping Computer has contacted Elari and Wokka Lokka to comment on the above, but we have not heard back yet.
Researchers show that Apple’s CSAM scanning can be fooled easily
Tor Browser 11 removes V2 Onion URL support, adds new UI
New Gummy Browsers attack lets hackers spoof tracking profiles
Credit card PINs can be guessed even when covering the ATM pad
Flubot Android malware now spreads via fake security updates
Not a member yet? Register Now
Microsoft Defender scares admins with Emotet false positives
DNA testing firm discloses data breach affecting 2.1 million people
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Yanluowang ransomware operation matures with experienced affiliates

Panasonic discloses data breach after network hackIKEA email systems hit by ongoing…

TellYouThePass ransomware revived in Linux, Windows Log4j attacks

TellYouThePass ransomware revived in Linux, Windows Log4j attacksCredit card info of 1.8…

TrickBot phishing checks screen resolution to evade researchers

Hackers exploit Microsoft MSHTML bug to steal Google, Instagram credsApple sues spyware-maker…

Some Tesla owners unable to unlock cars due to server errors

US regulators order banks to report cyberattacks within 36 hoursHackers deploy Linux…