Are Children Safe with Smart Watches? : Security Analysis and Ethical Hacking on Children’s Smart Watches

Sammanfattning: There are more and more parents that are considering to purchase smart watches for their kids. The children’s smart watches on the market are usually equipped with many practical functions like the GPS positioning, the camera and the messaging. Among all the smart watches for children, the ones that can be connected via a mobile application called SeTracker are popular for the acceptable prices. These smart watches may have different brands although they come from the same manufacturer company and share the common service and database. The security of the mobile application is essential to the security of the products. But are they designed in a secure way? There were reports about vulnerabilities of the products previously. Unfortunately, the security requirements do not stop upon solving those vulnerabilities. In this project, it was found that the parents can track the kids and communicate with them through the mobile application, but their accounts might be logged on the attacker’s phone at the same time. And it is surprisingly easy to get the password of the users because it is stored in a local file using simple substitution cipher. There are other examples of insecure design in the products. Among them are the unlimited attempts to send and enter verification codes used for changing the password. It seems that the server does not have a complete logging and monitoring mechanism to prevent abnormal behaviors. The security analysis and penetration testing of this project would provide an example of the mobile hacking, and it will also raise a warning on the security of smart devices.