STALK: security analysis of smartwatches for kids
- Smart wearable devices become more and more prevalent in the age of the Internet of Things. While people wear them as fitness trackers or full-fledged smartphones, they also come in unique versions as smartwatches for children. These watches allow parents to track the location of their children in real-time and offer a communication channel between parent and child. In this paper, we analyzed six smartwatches for children and the corresponding backend platforms and applications for security and privacy concerns. We structure our analysis in distinct attacker scenarios and collect and describe related literature outside academic publications. Using a cellular network Man-in-the-Middle setup, reverse engineering, and dynamic analysis, we found several severe security issues, allowing for sensitive data disclosure, complete watch takeover, and illegal remote monitoring functionality.
Author: | Christoph Saatjohann, Fabian Ising, Luise Krings, Sebastian Schinzel |
---|---|
URN: | urn:nbn:de:hbz:836-opus-123548 |
DOI: | https://doi.org/10.1145/3407023.3407037 |
ISBN: | 978-1-4503-8833-7 |
Parent Title (English): | ARES 2020: The 15th International Conference on Availability, Reliability and Security / Editors: Melanie Volkamer, Christian Wressnegger |
Document Type: | Article in Conference Proceedings |
Language: | English |
Date of Publication (online): | 2020/08/11 |
Year of first Publication: | 2020 |
Publishing Institution: | FH Münster - University of Applied Sciences |
Release Date: | 2020/08/12 |
Tag: | Privacy; Security |
First Page: | 1 |
Last Page: | 10 |
Institutes: | Elektrotechnik und Informatik (ETI) |
Publication list: | Schinzel, Sebastian |
Saatjohann, Christoph | |
Ising, Fabian | |
Licence (German): | Zweitveroeffentlichung |