Direct from the 3·15 gala | Low-end children's smartwatches have become "walking voyeurs"

[Lianyun Network (WeChat: ilieyun) Shanghai] reported on March 15

The 2022 "3·15" gala starts at 8:00 pm on March 15. This year's theme is: fair and upright, and safe consumption.

Children's smartwatches have become almost standard equipment for children: with one, parents can easily communicate with their children and keep track of their whereabouts. Many low-end children's smartwatches sell well on the major e-commerce platforms, and the 3·15 Information Security Laboratory ran special tests on them.

The tester purchased a children's smartwatch with a sales record of 100,000+ and gave it to a child to wear, then disguised the download QR code of a malicious program as a lottery game and pasted it on the door of the child's home.

The lottery game enticed the child to scan the code, which let the malicious program get onto the child's smartwatch with little effort and gave the engineers remote control of the watch.

The engineers could locate the child in real time, continuously collect the child's movement track, and easily outline the child's range of activity, even inferring that the child's home is close to the school, a 5-minute walk away. They could also listen in real time to the child's conversations with family and watch the child doing handicrafts at a desk after school.

Why do children's smartwatches become a pair of voyeuristic eyes?

The testers found that the root cause was an outdated operating system. The watch runs Android 4.4, a release nearly 10 years old that has no permission management requirements; the latest version of Android has since reached Android 12.

To cut costs, manufacturers choose an old version of the operating system. On such a children's watch, apps can therefore turn on a range of sensitive permissions after installation without user authorization and easily obtain private information such as the child's location, face images and recordings. The security risk to the child is easy to imagine.

On a mobile phone that also runs Android, by contrast, the system clearly prompts the user to agree to authorization when an app is installed. From a technical point of view, many of the standard requirements for mobile phones apply fully to smart terminals. The problem may be insufficient attention, which has made this type of smart terminal a hard-hit area for personal information protection.
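The permission behaviour behind this, as an added example that is not part of the original report: Android introduced per-permission runtime prompts in Android 6.0 (API level 23), so the sketch below reads an app manifest and reports which sensitive permissions are granted at install time, with no per-permission prompt, on a given device. The manifest and the `com.example.lottery` package name are constructed, the `DANGEROUS` table is a small subset chosen to match the data types named in the article, and API levels 19 and 28 correspond to Android 4.4 and Android 9.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PERMISSIONS_API = 23  # Android 6.0 introduced per-permission runtime prompts

# Subset of Android "dangerous" permissions matching the data the article names
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CAMERA": "camera images",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.READ_EXTERNAL_STORAGE": "stored pictures and videos",
}

# Constructed sample manifest (hypothetical package, not from the tested watch)
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.lottery">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="19"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""


def install_time_grants(manifest_xml, device_api):
    """Return {permission: data exposed} for dangerous permissions the app
    receives at install, with no per-permission runtime prompt."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # A missing targetSdkVersion defaults to minSdkVersion, which defaults to 1
    target = 1
    if sdk is not None:
        target = int(sdk.get(ANDROID_NS + "targetSdkVersion",
                             sdk.get(ANDROID_NS + "minSdkVersion", "1")))
    declared = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # Runtime prompts need BOTH an API 23+ device and an app targeting API 23+
    if device_api >= RUNTIME_PERMISSIONS_API and target >= RUNTIME_PERMISSIONS_API:
        return {}
    return {p: DANGEROUS[p] for p in sorted(declared) if p in DANGEROUS}


if __name__ == "__main__":
    for api, label in ((19, "Android 4.4"), (28, "Android 9")):
        grants = install_time_grants(SAMPLE_MANIFEST, api)
        print(f"{label} (API {api}): {len(grants)} dangerous permission(s) granted at install")
        for perm, data in grants.items():
            print(f"  {perm} -> {data}")
```

The Android 9 line of the output shows that a newer operating system alone is not enough: an app that targets an old API level still receives its permissions at install, so a device audit has to check the target SDK of each installed app as well as the OS version.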

In addition, the 3·15 Information Security Laboratory tested other low-end children's smartwatches. Another children's smartwatch, running Android 9, does prompt the user to grant a permission when an app is installed. However, once the user refuses to authorize, the app crashes and refuses to provide any service. Consumers are left with only two choices: either not use the app at all, or hand over all the permissions in exchange for service.

The app's forced permission demands are very harmful: once the user gives in and grants the permissions in order to obtain service, the information on the watch is handed over. Private data such as the child's geographical location, pictures and videos, and call recordings will be collected, and the security risk to the child is easy to imagine.

According to Tianyancha data, there are nearly 14,000 wearable device-related enterprises in the mainland. By industry, 52.0% of wearable device-related enterprises are in wholesale and retail trade, another 28.9% are in scientific research and technical services, and 11.3% are in information transmission, software and information technology services. By geography, Guangdong has the largest number of wearable device-related enterprises, nearly 12,000, accounting for 84.9% of the country.

According to Tianyancha risk data, 6.1% of wearable device-related enterprises in the mainland have been involved in legal proceedings. In addition, more than 1,500 wearable device-related enterprises in the mainland have experienced abnormal operations, more than 180 have been subject to administrative penalties, and more than 60 have committed serious violations of the law. Enterprises with abnormal operations account for 11.0% of the total.
