Slashdot Mirror
TicTocTrack Smartwatch Flaws Can Be Abused To Track Kids (threatpost.com)
secwatcher shares a report from Threatpost: A popular smartwatch that allows parents to track their children's whereabouts, TicTocTrack, has been discovered to be riddled with security issues that could allow hackers to track and call children. Researchers at Pen Test Partners revealed vulnerabilities in the watch (sold in Australia) on Monday, which could enable hackers to track children's location, spoof the child's location or view personal data on the victims' accounts. The parent company of the TicTocTrack watch, iStaySafe Pty Ltd., has temporarily restricted access to the watch's service and app while it investigates further. Researchers found that the service's back end does not make any authorization attempt on any request -- besides the user having a valid username and password combination. That means that an attacker who is logged into the service could remotely compromise the app and track other accounts that are based in Australia.
The smartwatch, available in Australia for $149 (USD), is designed for children and uses GPS to track the movement of the wearer every six minutes, and offers voice calling and SMS features. The smartwatch's API can be attacked by changing the FamilyIdentifier number (which identifies the family that the user belongs to), which then could give a bad actor complete access to the user's data -- including the children's location, parent's full names, phone numbers and other personal identifiable information. Researchers with Pen Test Partners collaborated with security researcher Troy Hunt to test the attack. Hunt uploaded a video showing how the smartwatch vulnerability could be exploited to call his daughter -- and how her smartwatch would answer automatically without any interaction needed from her end.
The smartwatch, available in Australia for $149 (USD), is designed for children and uses GPS to track the movement of the wearer every six minutes, and offers voice calling and SMS features. The smartwatch's API can be attacked by changing the FamilyIdentifier number (which identifies the family that the user belongs to), which then could give a bad actor complete access to the user's data -- including the children's location, parent's full names, phone numbers and other personal identifiable information. Researchers with Pen Test Partners collaborated with security researcher Troy Hunt to test the attack. Hunt uploaded a video showing how the smartwatch vulnerability could be exploited to call his daughter -- and how her smartwatch would answer automatically without any interaction needed from her end.
I tried calling his daughter but for some reason she never picks up. On the plus side, I was able to use the watch to have his Tesla pick me up and give me a ride to work. 3 stars, would buy again.
Wasn't this one of the key selling points?
To the clients aswell as the livestock.
There is zero difference between an average human 5,000 years ago and one today.
If you had given these "magical devices" that people buy today to people back then, they would've found them amazing and used them, with zero thoughts being given to the horrible privacy and security issues which have completely ruined life for those of us who don't want to be constantly recorded by 36 different cameras, mics and sensors of all kinds no matter where we are.
I hate this idea that a lot of people have that they are so "smart" and "developed" and "sophisticated" when, in reality, they are just as dumb as they were long, long ago, and nothing more than stupid animals who couldn't think an original thought to save their life.
I hate people in general for being the same dumb sheep as they always have, and I hate you supposedly intelligent "tech people" for allowing these evil scumbags to ruin this already shitty world even further. No, the so-called "benefits" to NOT outweight the fact that I can no longer leave the house without countless assholes live streaming the street outside their window or walking around with a surveillance device with absolutely no regard for my privacy.
Fuck this world.
"There is zero difference between an average human 5,000 years ago and one today." Eh, false. If anything 500 years ago the majority of people were significantly less fat. Lazy consumerist autopilot Republicanism leads to decline of course.
That's why red states are the fattest and laziest of all. We stopped punishing the abomination of slothful morally degenerative pseudo-conservatism.
If they treat it as a consumer product, there should be a minimum set of security guidelines and steps a company is required to take. None of this "license agreement" crap.
However, writing down the guidelines and steps in a clear-cut way into law is difficult. If the text is too specific, then companies find a way around them, and if they are too general, they are messy and expensive to enforce, for both sides. This includes abuse of law against the company. A fuzzy cannon shoots out of both ends.
Table-ized A.I.
Can you tell me how that even connects to what I said, so I can get offended?
As it is, I can't even see how you meant to attack me.
I don't even get the point of a wrist watch. I'm over 13. I have real achievements to give my life value.
If you want to make fun of me, I'm sure me near-constand nudity and constant barefootedness are enough. I'm sure those are too far beyond you to not seem ridiculous to your small mind.
...doesn't mean literally everyone is.
You're just in the USA.
People really *are* morons there.
There's still a few non-morons out there here in central/northern/eastern Europe. Just come and check for youself. ... well ...
Of course that requires you to not be a moron either. And there
d888888b d8888b. db .
~ 88 ~ 88 `8D. 88 .
. 88 . 88oobY' 88 .
. 88 . 88`8b . 88 .
. 88 . 88 `88. 88b_ d88 88. 88
. YP . 88 . YD ~Y8888P' YP. YP
VP. `8D
j88.. . `88. d8' j88.. . `88. d8'
888888D. `Y88P'. 888888D. `Y88P'
Don't you have anything better to do in your $1 house than constantly post this spam? Are you really that desperate for attention that you feel the need to constantly stalk and harass SuperKendall, raymorris, and ShanghaiBill? The answer appears to be yes, though your efforts would be better spent completing a MacOS version of your toy string sorting program.
Your spam and harassment is unwelcome, Alexander. You've harassed many other users, too, including Subie, Ol Olsoc, webmistressrachel, c6gunner, Zontar The Mindless, amicusNYCL, Coren22, and so many others. Isn't it time you stop being such a bitter crybaby and do something useful with your life? Although your string sorting program (APK Hosts File Engine) is complete shit, working on it would still be better than crapflooding Slashdot.
Grow up, APK. You're 54 years old. Act your damn age.
TRUMP WINS PRISON! Life (and death) in prison, followed by burial UNDER IT! TREASONOUS FAGGOT KIDS TOO! Yesssss... Alllll the Drumpftard traitors will die in the prisons, then America will in deed be great once again.
#ROPE IS COMING GOP!
https://www.huffpost.com/entry/trump-mental-health-pre-dementia_n_5ca51ea2e4b0409b0ec32806
It's a tech news site. Why not post some interesting comments instead of the inane spam?
Or if you just want to make everything shit, you can go around your neighborhood at night smearing your own feces on nearby cars and houses. A real-life version of what you do on this website.
Lets see what the fuhrer in chief is really up to! :O)
You sure told him, Sasha! How's the weather in Kiev today?
This is the second time this has happened with this company, now in Australia. And it was the same exact security flaw IIRC.
Suddenly, I am reminded of a scene in a recent Simpsons episode, where a bunch of girls were about to destroy all of the old masters of every Itchy and Scratchy episode ever made. Krusty then smugly tells the girls "We have backups everywhere", and then Krusty looks at his archivist and the archivist responds "Um actually, no, we didn't make backups".
Krusty then flakes out and screams "Then what the HELL am I paying you for?!". We get to see Krusty slap the shit
out of the bogus 'archivist' as Bart and Lisa one again saves the day.
The execs running Gator corp. need to do the exact same thing to their bogus security team.
Since you're too special to be bothered keeping up with events: It's Trump's lackeys who've been going to prison for collusion with Ukrainian (and Russian) sugardaddies, knothead.
And yes, I said "collusion". What a beautiful word.
1. Google are already tracking your children.
2. Real and robocallers can already call your children, and pretty much anyone with a phone.
Since you're too special to be bothered keeping up with events: It's Trump's lackeys who've been going to prison for collusion with Ukrainian (and Russian) sugardaddies, knothead.
And yes, I said "collusion". What a beautiful word.
weather in Kiev, ....very good... very cold...you should try! I give you tour...
You bring APK and ShanghaiBill...
I have tools.. AND
I bring snacks... we all have good time!
- Igor
There is zero difference between an average human 5,000 years ago and one today.
If you had given these "magical devices" that people buy today to people back then, they would've found them amazing and used them, with zero thoughts being given to the horrible privacy and security issues which have completely ruined life for those of us who don't want to be constantly recorded by 36 different cameras, mics and sensors of all kinds no matter where we are.
I hate this idea that a lot of people have that they are so "smart" and "developed" and "sophisticated" when, in reality, they are just as dumb as they were long, long ago, and nothing more than stupid animals who couldn't think an original thought to save their life.
I hate people in general for being the same dumb sheep as they always have, and I hate you supposedly intelligent "tech people" for allowing these evil scumbags to ruin this already shitty world even further. No, the so-called "benefits" to NOT outweight the fact that I can no longer leave the house without countless assholes live streaming the street outside their window or walking around with a surveillance device with absolutely no regard for my privacy.
Fuck this world.
AND THAT is why we "tech people" need to start giving a damn about WHERE we work and WHAT we do...
If zero fucks are given, then we get what we have today...
Imagine if all the hackers/etc and all the employees at Google, Amazon, Facebook, Microsoft, NSA etc... all said HELL NO... each time they were required to create something unethical? Then we would NOT be in this mess we are in now..
but NO... some people have to shit all over everything because it is "fun" in that precise moment... but they do not think about how their actions can destroy our civiliazation as a whole...
atleast shitposting on /. does not do any permanent harm AND can be quite funny
This is hardly the first report of kids' smartwatches being insecure tracking devices. We've heard that in 2017, in 2018 again, quite bluntly, if you haven't heard it by now, you probably don't give a rat's ass about your kids' privacy.
Then again, buying such a watch is already a pretty good indicator that you don't give a fuck about your kids' privacy, so...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Hey asshole trying to FRAME me, tell you what: ANYTIME you want to accuse me of the bs lies you're spouting, meet me face to face & do it - I will fucking END you motherfucker...
* I SHIT YOU NOT!
(You PUSSCAKE PUNK hiding behind UNIDENTIFIABLE anonymous posts weezil)
APK
P.S.=> I will FRACTURE YOUR SKULL cocksucker - guaranteed... apk