Kids smartwatch
Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.
The analysis demonstrates that most of these devices arbitrarily collect and periodically transmit sensitive data to remote servers without the user knowing about it.
This finding is worrisome as these devices quickly grow in popularity, with parents purchasing them to monitor their children’s location and activities.
The research was conducted by the Dr. Web antivirus team, which looked into Elari Kidphone 4G, Wokka Lokka Q50, Elari FixiTime Lite, and Smart Baby Watch Q19.
These are all Android-based smartwatches that are very popular in Russia, and they span a wide price range.
Dr. Web found that the Elari Kidphone 4G smartwatch has three hidden modules that transmit data to a central location and receive remote commands.
By default, this communication occurs every eight hours, but this can be easily adjusted to a different interval.
The transmitted information includes SIM card info, geolocation data, device info, phonebook contacts, the list of installed apps, SMS count, and phone call history.
Dr. Web is concerned that these hidden modules in the Elari Kidphone 4G can be used to download, install, run, or uninstall apps, including malicious ones, and to display ads, all without the owners knowing about it.
“Thus, Android.DownLoader.3894 hidden in this watch can be used for cyber espionage, displaying ads, and installing unwanted or even malicious apps,” Dr. Web states in their research.
The most inexpensive choice is the Wokka Lokka Q50, which costs around $15 and is quite popular as an almost disposable item.
However, the researchers discovered that the watch has a weak default password (‘123456’), and all data transmitted between it and the Russia-based server is unencrypted.
This makes man-in-the-middle attacks very simple to carry out, enabling threat actors to request GPS location via SMS, listen to the wearer’s surroundings remotely, or even change the C&C server address to one under their complete control.
In the case of the Elari FixiTime Lite ($50) and the Smart Baby Watch Q19 ($25), the situation is mixed.
Elari FixiTime Lite transmits sensitive data such as GPS coordinates, voicemails, and photos over unencrypted HTTP. The lack of encryption enables man-in-the-middle (MitM) attacks that allow attackers to listen in on transmitted data.
While the Smart Baby Watch Q19 uses a weak default password (‘123456’), Dr. Web says the set of commands that can be used is significantly reduced, making it not much of a risk.
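For anyone checking a device like these on a test network, the following added example (not from Dr. Web's research or the original article) audits flow records for the two behaviours described above: transfers over cleartext HTTP and a regular check-in interval such as the eight-hour default. The record format, placeholder hostnames, and thresholds are assumptions, and the sample flows are constructed.

```python
from statistics import median

# Constructed flow records for one watch on a test network:
# (epoch seconds, destination host, destination port). Hostnames are placeholders.
SAMPLE_FLOWS = [
    (0,     "telemetry.example.invalid", 80),
    (28800, "telemetry.example.invalid", 80),   # ~8 hours later
    (57630, "telemetry.example.invalid", 80),   # small jitter
    (86400, "telemetry.example.invalid", 80),
    (1200,  "time.example.invalid", 443),
    (40000, "time.example.invalid", 443),
    (41000, "time.example.invalid", 443),
    (70000, "time.example.invalid", 443),
]

CLEARTEXT_PORTS = {80}  # assumption: plain HTTP on its default port


def audit_flows(flows, min_events=4, tolerance=0.1):
    """Group flows by destination and report cleartext use and periodic check-ins."""
    by_dest = {}
    for ts, host, port in flows:
        by_dest.setdefault((host, port), []).append(ts)

    findings = {}
    for (host, port), stamps in by_dest.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        interval = None
        if len(stamps) >= min_events:
            mid = median(gaps)
            # Treat as a beacon only if every gap is within `tolerance` of the median gap.
            if mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps):
                interval = mid
        findings[(host, port)] = {
            "cleartext": port in CLEARTEXT_PORTS,
            "beacon_interval_s": interval,
        }
    return findings


if __name__ == "__main__":
    for dest, result in audit_flows(SAMPLE_FLOWS).items():
        print(dest, result)
```

A destination flagged as both cleartext and periodic is the combination worth inspecting first, since its payloads can be read directly from a packet capture.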
Parents should be cautious when buying a cheap smartwatch for their children due to the inherent risks of Internet-connected gadgets, especially when they allow tracking a child’s location.
Bleeping Computer has contacted Elari and Wokka Lokka to comment on the above, but we have not heard back yet.
Copyright © 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved