The European Consumer Organisation (BEUC) has issued a public service announcement on the security and privacy concerns surrounding modern children's smartwatches.
The report warns that most children's GPS-tracking smartwatches are rife with security flaws that allow an attacker to take control over the device, eavesdrop on the child's conversations, or turn on the smartwatch camera and film or take pictures.
Further, the attacker can track the smartwatch's GPS location or send fake GPS coordinates to the watch's paired app, misleading parents about their child's location.
In addition, BEUC found that the SOS button on some of these watches is unreliable and hackers could replace the emergency phone number with their own.
Besides software security, the report also warns about privacy issues, such as non-existent terms and conditions that allow vendors to collect user data without warning or giving parents a way to stop this behavior or remove the child's collected data.
"These watches should not find their way into our shops," Monique Goyens, Director General of BEUC, said in a press release.
"Parents buy them to protect their children. However, they are probably unaware that instead of protecting them they are making their children more vulnerable," she added. "The EU urgently needs to regulate mandatory security standards for connected products. Producers should immediately fix these flaws or they should find their products withdrawn from the market."
The BEUC's report was put together by the Norwegian Consumer Council (NCC). The full 49-page report is available for download here and contains security audits for children's smartwatches such as Gator 2, Tinitell, Viksfjord, and Xplora. Of the four, only Tinitell appears to have survived unscathed, with the NCC reporting it had not found any explicit security vulnerabilities, but the product also had fewer features than its competitors.
A report on one of the Gator 2 security flaws is also available on the blog of Norwegian security researcher Roy Solberg.
In February 2016, security firm Rapid7 also published a report on hereO kids' GPS-tracking watches. The flaws were similar to the one the BEUC is warning parents now.
On Tuesday, the FBI issued a similar public service announcement regarding Internet of Things devices that may expose consumers to cyber exploitation. The report warned about wearables such as smartwatches, but also about many other IoT devices such as office equipment, medical devices, smart home appliances, home automation devices, and entertainment systems.