Saturday, Nov 27, 2021
Outlook.com

Chinese firm's smartwatch tracker for the elderly at hacking risk


New Delhi, July 14 (IANS) Security researchers have disclosed a set of serious security flaws in a smartwatch tracker by Chinese developer 3G Electronics for the elderly and the vulnerable, especially those with dementia or other cognitive impairments.

Anyone with some basic hacking skills could track the wearer, audio bug them using the watch, or perhaps worse, could trigger the medication alert as often as they want.

"A dementia sufferer is unlikely to remember that they had already taken their medication. An overdose could easily result," said cybersecurity experts from Pen Test Partners.

The SETracker app, which is required to be used with the smartwatch, allows an unrestricted server-to-server API that bad actors could use to hijack the SETracker service, for example by changing device passwords, making calls, sending text messages, conducting surveillance, and accessing cameras embedded in devices.

The app is available on iOS and Android and has been downloaded over 10 million times.

The same manufacturer also makes tracker watches for children on the same cloud platform, which are also prone to hacking.

Is this yet another cheap Chinese kids GPS watch story?

"No, this is much more than just kids' watches. The SETracker platform supports automotive trackers, including both car and motorcycle, often embedded in audio head units and dementia trackers for your elderly relatives. The vulnerabilities discovered could allow control over ALL of these devices," warned the researchers.

Pen Test Partners alerted 3G Electronics about the security flaws which, the company claims, have now been fixed.

"However, the cyber attack was possible for a considerable time. We have no idea whether it had been exploited by anyone else, as we would have had to compromise their servers to discover this, which we didn't have permission to do," said security researchers.

Pen Test Partners said that they advised 3G Electronics "that they may need to notify the relevant regulatory bodies due to the potential breach of personal data".

According to Boris Cipot, Senior Security Engineer at Synopsys Software Integrity Group, there is no doubt that the exposure of such data could turn our lives upside down, but they don't quite compare to cases where human life itself is at stake.

"As one of the functionalities of the smartwatch is to remind the user to take their pills, the attacker could simply trigger more alerts than permitted; therefore, endangering the user's life as they could overdose. This is just one example of how the device could be manipulated," Cipot told IANS.

Sending fraudulent messages, controlling SMS traffic, blocking the GPS trackers on the watch or even accessing the camera as well as images on these devices are only some of the many capabilities the attacker could abuse.

"Furthermore, the publicly available source code for some applications has serious flaws affecting hardcoded credentials, server information of the SETracker ecosystem database access and more," he added.

The good thing is that 3G Electronics removed the problems and changed the exposed passwords.

However, this should be a wakeup call to every IoT provider; overlooking product security and quality can have a huge impact on many lives, said Cipot.

--IANS



Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: IANS
