315 exposed low-end children’s smart watch: a walking peeping device

315 exposure of low-end children’s smart watches: walking peepers

315 exposure of low-end children’s smart watches: walking voyeurs, many low-end versions of children’s smart watches are available in various markets Hot sales on major e-commerce platforms. The 315 Party revealed that such watches can easily obtain children’s private information and become walking “peepers.” 315 exposed low-end children’s smart watch: a walking peeping device. 315 exposure of low-end children’s smart watches: walking peepers 1

Today’s children’s smart watches have powerful hardware, thoughtful functions, real-time positioning, high-definition dual cameras, face recognition, and video calls. Children find it convenient and fun, and parents can keep track of their children's whereabouts at any time.

Nowadays, many low-end children’s smart watches are selling well on major e-commerce platforms. The 3·15 Information Security Laboratory launched a special test on this.

This children’s smart watch has a sales record of 100,000 yuan. The tester purchased one and gave it to a child to wear. The tester disguised the QR code for downloading a malicious program as a lottery game and posted it on the doorstep of the child's home.

Such a lottery game can easily attract children to scan the code and experience it. In this way, the malicious program easily entered the child's smart watch.

At the same time, engineers have implemented remote control of this watch.

Every time a child draws a lottery, the malicious program automatically packages the important information in the watch, such as location, address book, call records, etc. and sends it out in real time.

After playing the lottery game and the child goes downstairs to play, the engineer can still locate the child in real time, continuously collect the child's movement trajectory, and easily delineate the child's activity range.

Testers can infer from the background by collecting the child's location information multiple times that her home is actually very close to her school, about two to three hundred meters, and can be reached in 5 minutes.

After returning home, the child chatted with his grandma. By calling the microphone in the watch, engineers in other places can clearly understand the conversation.

After dinner, the children do handicrafts at the desk. The child's every move is also monitored at all times.

Why does this kind of children’s smart watch, which is loved by children and trusted by parents, become a pair of peeping eyes that follow you everywhere?

Testers found that the root cause was that its operating system was too old.

This watch actually uses the Android 4.4 operating system without any permission management requirements. It has been nearly 10 years ago. And its latest version has been updated to Android 12.

As long as the App applies for what kind of permissions, the Android 4.4 operating system will give the App what kind of permissions, and there will be no link to inform the user or obtain the user's authorization and consent.

On such a low-version children’s watch, after various apps are installed, various sensitive permissions such as location, address book, microphone, and camera can be taken away without user authorization. This means that they can easily obtain private information such as the child's location, face images, and recordings.

These manufacturers choose lower versions of operating systems out of cost considerations. However, it ignores the safety of users and brings endless troubles to consumers.

Also on Android-based mobile phones, when installing the App, the system will clearly prompt whether the user agrees to the authorization.

Nowadays, everyone attaches great importance to the supervision of mobile apps. From a technical point of view, many standard requirements on mobile phones are completely applicable to smart terminals. It may still be a problem of insufficient attention that makes this type of smart terminal a hardest-hit area in the protection of personal information.

The 3.15 Information Security Laboratory also tests other low-end versions of children’s smart watches.

This children’s smart watch uses the Android 9 operating system, which seems to be a newer version.

When installing the App, the system will pop up a window asking whether to grant certain permissions. However, once the user refuses authorization, the App will crash and refuse to provide any services.

For example, the tester opens an application called "Weather". It will appear a pop-up window asking for the user's storage permissions. If you only check the weather, there is no need to store and read user photos, so choose reject. Then the application asked for permission to make phone calls, which was also a non-essential permission, and was still denied. Asking for positioning permission again, which is also an unnecessary permission, was also rejected. Then the app crashed immediately.

In this way, consumers have only two choices, either not to use it at all, or to exchange all their permissions for services.

App’s forced claiming of rights is very harmful. Because in order to obtain services, once the user compromises and gives away the permissions, the information in the watch will also be handed over. The child's geographical location, pictures, videos, call recordings and other privacy will be collected, and the safety risks for the child can be imagined. 315 exposes low-end children’s smart watches: Walking Peeper 2

“Real-time positioning, face recognition, video calls”, children’s smart watch hardware functions are becoming more and more powerful. On the evening of March 15, CCTV’s 315 Gala exposed a low-end children’s smart watch that can take away multiple sensitive permissions such as location, address book, microphone, camera, etc. without user authorization, easily obtain children’s private information, and become a walking “peeping device” ".

Many low-end versions of children’s smart watches are selling well on major e-commerce platforms. 315 Information Security Laboratory tested a children's smart watch that costs just over a hundred yuan and has a sales record of 100,000 yuan. At the same time, engineers installed a malicious program into the smart watch to achieve remote control of the watch. In this case, every time a child uses a smart watch to draw a lottery, the malicious program will automatically package the location, address book, call records, etc. and send them out in real time.

Through remote control, children’s movement trajectories can be continuously collected and the activity range can be easily delineated. The remote control party collects location information multiple times to infer the distance between home and school, and calculates walking time, etc. Because the smart watch has a camera function, every move of the child will be recorded at any time by this low-end smart watch.

Why can these low-end smart watches easily obtain private information? The reason, testers found, was that the operating system was too old. This watch uses the Android 4.4 operating system without any permission management requirements. It has been nearly 10 years ago, and its latest version has been updated to Android 12.

As long as the APP applies for permission, this system will pass it and will not inform the user or obtain the user's consent. 315 Information Security Laboratory further tested low-end smart watches with higher system versions, such as an Android 9 operating system. If a pop-up window prompts for authorization, if the authorization is refused, the APP will crash and refuse to provide any services.

From the manufacturer's point of view, the choice of a lower version of the operating system is out of cost considerations, but it ignores the security of users. He Yanzhe, an expert at the 315 Information Security Laboratory and deputy director of the Cybersecurity Center Evaluation Laboratory of the China Electronics Technology Standardization Institute, said in an interview with CCTV 315 that the country now attaches great importance to the supervision of mobile APPs. From a technical perspective, the supervision requirements for mobile phones are placed on Smart terminals are also fully applicable, but this type of smart terminal is still a hard-hit area in terms of personal information protection. 315 exposes low-end children’s smart watches: Walking Peeping Machine 3

It can locate, take photos, and make calls... Children’s smart watches are becoming the standard for more and more underage students. match. However, this rapidly growing market segment has been plagued by chaos.

Last night, CCTV’s 315 Gala exposed the huge safety risks of low-end children’s smart watches, which have even become “walking peepers” and malicious programs can easily enter the watches.

Sina Technology discovered on an e-commerce platform that a large number of low-priced copycat children’s watches are flooding it. You can even buy a so-called best-selling children’s watch for as little as 9.9 yuan. There is no doubt that the safety risks of such inferior products will be greater.

The system is old and has low security.

According to the CCTV 315 Party report, the 315 Information Security Laboratory has a sales record of 100,000 for e-commerce platforms. Children's smartwatches are being tested specifically.

Testers disguised a QR code for downloading a malicious program as a lottery game. After children scanned the QR code through this watch, the malicious program easily entered the watch. Engineers can remotely control this watch, making it easy to collect location information, monitor call records, and peek at videos.

The fundamental reason behind this is that the operating system of this product is too old. The report pointed out that this watch actually uses the Android 4.4 operating system without any permission management requirements, which has been nearly 10 years ago. As long as the App applies for any permissions, the system will give the App those permissions without giving any notification to the user. In this way, the App can take away various sensitive permissions such as location, address book, microphone, and camera without user authorization.

There is no doubt that the reason why watch manufacturers choose lower versions of operating systems is to keep costs down. However, the safety of this system is greatly reduced and brings endless troubles to children.

In fact, the issue of App permissions on smartphones has long been concerned by relevant departments and users.

Just before the 315 party, the Ministry of Industry and Information Technology has just launched a "look back" to rectify apps that infringe on user rights. In a random test of the apps that found problems last year, there are still 14 problems, and the relevant apps are required to be released on March 21 Completed the rectification recently.

According to data recently released by Xiao Yaqing, Minister of the Ministry of Industry and Information Technology, the Ministry of Industry and Information Technology has tested a total of 2.08 million apps in 2021, notified 1,549 illegal apps, and removed 514 apps that refused to rectify.

However, overall, the terminals involved in these Apps are mainly mobile phones and tablets. Children’s smart watches, an extremely segmented but very important terminal, have been ignored.

Counterfeit products are rampant, with the lowest price only 9.9 yuan?

In fact, in addition to the low version of the operating system exposed at the 315 party, a large number of low-priced copycat children's watch products are rampant, posing greater security risks.

Sina Technology saw on an e-commerce platform that if you search for "children's watches" as a keyword, you will see many low-priced products, basically under 100 yuan.

Sina Technology clicked on a product with the keyword "suitable for Huawei mobile phones". The flash sale price is only 43 yuan, and 34,000 units have been sold. According to the promotion, this watch can connect to WiFi to download apps such as WeChat, QQ, and Douyin. It also supports phone calls, video calls, scan-code payment, GPS positioning, face recognition and other functions.

However, this watch is not produced by Huawei, but by a brand called Pushis. There is no doubt that it is riding on the popularity and inducing users to buy it.

In the best-selling list of smart children’s watches on this e-commerce platform, the number one product is actually a product priced at 14.8 yuan. This product uses "primary school student genius" as the keyword and deliberately uses the "little genius" brand, and has sold 100,000 units.

There is also a "primary school student genius" watch on the best-seller list that only costs 9.9 yuan. The actual brand is Jinzheng and 32,000 pieces have been sold. In the comments, some users said that "it's very bad, the sound quality is too low and the sound quality is not clear"; another user said that "it's not usable at all, it's just a decoration, it can only be turned on and off, and can't do anything."

On the one hand, these low-priced copycat children’s watches may have quality problems; on the other hand, the security issues when downloading the App are even more worrying.

Manufacturers are pouring in and the industry needs to be standardized

Although children's smart watch products are relatively segmented, the rapidly growing market space has attracted an influx of more and more well-known companies.

According to public statistics, the number of children under the age of 14 in my country has remained at around 250 million in the past 10 years. With the relaxation of the three-child policy, the number of potential users of children's smart watches has increased again.

According to data from the Huajing Industrial Research Institute, the demand for children’s smart watches in my country has maintained rapid growth in recent years, reaching 29.9 million pieces in 2020.

What is the potential of children’s smart watches? According to the 2021 smart watch market share report recently released by research company Counterpoint, imoo (BBK) ranks fourth with a market share of 5.2 in 2021, second only to Apple, Samsung and Huawei. It mainly relies on children's smart watch products .

This huge market has also attracted the entry of technology giants including 360, Huawei, Xiaomi and other technology giants; in 2021, Huami Technology, which specializes in adult smart watches, also announced its entry into the field of children's smart watches.

However, overall, the current shipments of domestic children’s smart watches are mainly concentrated in the price range below 800 yuan, and low-price competition is fierce; at the same time, children’s smart watches are mainly owned by families in first- and second-tier cities. , in third- and fourth-tier cities and rural areas, the penetration rate of children's smart watches is still very low, which also provides survival space for many low-priced copycat products.

In the current children’s smart watch market, in addition to the safety issues exposed by the CCTV 315 Party, some industry insiders have also expressed concerns about health issues.

Huang Wang, CEO of Huami Technology, once said that more and more children’s watches are strengthening learning attributes and adding some cultural knowledge-based learning and educational game functions to children’s watches, which makes some parents, including myself, feel vague disturbed.

First of all, are children’s watches really suitable for learning knowledge? The original intention of giving learning functions to children's watches is certainly beautiful, but the reality is that if children are allowed to learn on a screen as small as one or two inches, the learning may not be successful, and their eyesight has plummeted.

Secondly, are children really using children’s watches to learn knowledge? Are the high-tech products on the market helping children or hindering them? Manufacturers have achieved great commercial success by pleasing parents and children at the same time, but no one has ever taken a closer look at how many children are myopic as a result. Children's watches, which have become a necessity, may become the next killer of myopia.

The exposure of the 315 party has put the safety issue of children’s smart watches under the spotlight.

When more and more companies enter this market segment because of market share and profit attraction, they consider not only profits but also social responsibilities.

This may require joint efforts from relevant departments, watch manufacturers and App developers. And equally important, parents also need to keep their eyes open when buying children's smart watches to avoid being attracted by low-priced knockoff products and being deceived.