Jan 30, 2019

Security company finds another leak that gives access to data from children's smartwatches
A security company has again found a leak through which malicious people could access the data of tens of thousands of children's smartwatches. It turned out to be possible to log in as admin on the web portal of a manufacturer of children's watches.

By changing the value of 'User (grade)' from 1 to 0 in the POST request sent at login, users were given access to the admin environment of children's smartwatch maker Gator, reports PenTestPartners. After a further small change, it became possible to see the data of 35,000 children's smartwatches across 20,000 accounts. The backend did not check whether a user should have admin rights.
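The missing backend check described above, shown as an added example (not code from Gator, PenTestPartners or this article): a login handler that trusts a client-sent grade next to one that reads the grade from the server-side account record. The function names, the `grade` form field, and the accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ADMIN, USER = 0, 1  # grade values as reported in the article: 0 = admin, 1 = normal user

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, grade: int) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": _hash(password, salt), "grade": grade}

# Constructed sample accounts; names and passwords are placeholders.
USERS = {
    "parent1": _make_user("parent-pass", USER),
    "ops": _make_user("ops-pass", ADMIN),
}

def _authenticate(form: dict):
    """Return the stored account record if the credentials match, else None."""
    rec = USERS.get(form.get("username", ""))
    if rec and hmac.compare_digest(rec["pw"], _hash(form.get("password", ""), rec["salt"])):
        return rec
    return None

def login_vulnerable(form: dict):
    """Flawed pattern: the privilege level is copied from the request body."""
    if _authenticate(form) is None:
        return None
    return {"user": form["username"], "grade": int(form.get("grade", USER))}

def login_hardened(form: dict):
    """Any client-sent grade is ignored; the session only records who logged in."""
    if _authenticate(form) is None:
        return None
    return {"user": form["username"]}

def is_admin(session) -> bool:
    """Backend check for every admin request, using the server-side record only."""
    rec = USERS.get(session["user"]) if session else None
    return rec is not None and rec["grade"] == ADMIN
```

Calling `is_admin` on each admin endpoint, rather than once at login, also means a later downgrade of an account takes effect immediately.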

According to the security company, the same backend is used by several makers of smartwatches. The maker of the smartwatches did not fix the leak initially, but closed the security company's test account. In the second instance, the leak was fixed within a few days.

The app now contacts the server over a secure connection, which was not the case before. Even so, the security company is sticking to its earlier advice not to purchase a cheap smartwatch for children, because security does not seem to be in order across the board. It is not the first time that the backend has turned out to contain major vulnerabilities. Earlier, in 2017, the company already had exploits.

Smartwatch leak at Gator, January 2019
