Site icon Sophos News

Germany bans sale, distribution and possession of kids’ smartwatches

Ever see Toy Story 3? When Buzz, Woody and friends nearly get sent to their fiery, melty incinerator deaths?

That conveyor belt of plastic death can welcome a new “toy”: Germany has banned kids’ smartwatches, calling them illegal spying devices.

The country’s telecom regulator, the Federal Network Agency, said on Monday that the devices, aimed at kids between 5 and 12 years old, let users eavesdrop on wearers’ conversations and location: a practice that’s banned in Germany.

The regulator is telling parents it’s up to them to destroy the things, and recommends that they should hold on to proof that it’s been carried out.

For any parents unsure of what counts as proof, the regulator also referred them to a page with instructions for obtaining a destruction certificate from a waste management facility, which can be demanded of those who buy, sell, import, distribute or possess the banned devices.

Thus, the smartwatches join the internet-connected doll My Friend Cayla, likewise banned in Germany along with the injunction for parents to destroy it.

My Friend Cayla was fitted with a camera and an artificial intelligence (AI) chip for interpreting children’s emotions: a device that Germany’s privacy watchdog declared was an “illegal espionage apparatus” that parents should destroy.

Jochen Homann, president of the Federal Network Agency, said that parents have been pulling National Security Agency (NSA)-esque surveillance with their kids’ smartwatches:

Parents can use these children’s watches to listen in to the child’s surroundings without detection via an app. The watches are regarded as Unauthorized Transmitting equipment. Our investigations found, for example, that parents were using them to eavesdrop on teachers in lessons.

The watchdog explained that the watches have a SIM card and limited telephony function and are set up and controlled using an app. The user can eavesdrop on the wearer’s conversations and surroundings, unnoticed by anybody near the device. It’s advising schools, in particular, to be aware of what these devices are capable of.

Ken Munro, a security expert at Pen Test Partners, told the BBC that this will be a game-changer for Internet of Things (IoT) devices that are being sold in spite of being dangerously insecure:

Using privacy regulation to ban such devices is a game-changer, stopping these manufacturers playing fast and loose with our kids’ security.

Kids’ smartwatches help parents communicate with their children, and see what they’re doing and where. But according to a report put out by the Norwegian Consumer Council (NCC) in October 2017, that functionality isn’t limited to parents.

Security flaws in some models allow strangers to take control of the devices, enabling them to listen in on a child, talk to them behind their parent’s back, use the watch’s camera to take pictures, track the child’s movements, or give the impression that the child is somewhere other than where they really are.

The Federal Network Agency didn’t say anything about the privacy issues raised in that report, though. It apparently saw enough it didn’t like without them.


Exit mobile version