Watch Your Kids: Hacking Children's Smartwatches
Do you know where your children are? Are you sure? Join us as we take apart the smartwatches worn by millions of kids around the world. We’ll cover everything including initial access, firmware and protocol reversing, remote child teleportation, and how to get vendors to listen to you.
If you’re paying attention, you’ll notice that more and more young children are running around with smartwatches on their wrists (perhaps yours, too?). Sold by major mobile network operators and advertised on the subway, these watches promise a safe introduction to the digital world, a step before the first smartphone with its dangerous algorithms and the wide open Internet.
For kids, these watches boast fun games and colorful designs, while parents get a way to call, text, and locate their child at any time.
With nothing less than their children at stake, parents rightfully worry about safety and security. The website of leading Norwegian children’s watch developer Xplora is full of promises offering just that: Total safety and peace of mind, European privacy, GDPR compliance, and German datacenters far away from Big Tech.
But how much are these claims really worth?
We take you through the process of hacking one of the most popular children’s watches out there, from gaining initial access to running our own code on the watch. Along the way, we find critical security issues at every turn. Our PoC attacks allow us to read and write messages, virtually abduct arbitrary children, and take control of any given watch.
We also give you a detailed look into the vulnerability disclosure process, with many false starts, curious fixes, and tips for how to get vendors to listen. Finally, we’ll look at what changed in the aftermath of our disclosure and whether parents can really sleep soundly now.