European Commission orders mass recall of creepy, leaky child-tracking smartwatch The European Commission has ordered the recall of a smartwatch aimed at kids that allows miscreants to pinpoint the wearer's location, posing a potentially "serious risk". The commission uses its Rapid Alert System for Non-Food products (Rapex) to send out alerts to other nations in the European Economic Area about dangerous …
All internet connecting, WiFi, Bluetooth toys should be banned. Adults can choose to be daft with IoT, but kids usually have no choice.
Also see Vtech toys.
I know people are fed up about Brexit, but orders like this and the rather abused CE mark will have no validity in UK after Brexit. The Pre-CE and other before EU and European (ESTI etc) standards may not exist today or have validity after Brexit. No doubt there is a cunning plan to have British standards for RFI, Toxicity, child safety, data privacy, materials hazards and what not. Except I can't find it.
Using the UKCA marking if the UK leaves the EU without a deal
However you're right, IoT stuff is not included in the new UKCA mark, they're happy to accept CE for those. So whereas a CE-marked IoT product may be withdrawn in the EU, it seems there'll be no corresponding way of getting it withdrawn in the UK, just like there wouldn't be way of getting a FCC-marked product imported from the US withdrawn in the UK if it were withdrawn in the US.
>>>there'll be no corresponding way of getting it withdrawn in the UK
The cunning plan is since they are hackable and geo-locatable then we can communicate to little Timmy that he needs to go and deposit his smartwatch in the bin. We can tell if he has done it, and if not we know where he is and can go round and rip it off his arm.
Sorted.
This post has been deleted by its author
@Mage "No doubt there is a cunning plan to have British standards for RFI, Toxicity, child safety, data privacy, materials hazards and what not. Except I can't find it."
Out means out. No one (who loyally vote leave) cares about any of that stuff, just so long as the UK is no longer a vassal state of the EU and free from stupid Brussels rules and regulations that GB had absolutely no hand in crafting whatsoever.
Of course 73 MEPs is “no say”. None of the 751 MEPs have any “say” in policy.That’s not their role. The EU institutions weren’t just carbon copied from the U.K. version of representative parliamentary democracy. It was never designed to be, and does not claim to be in its constitution or practice.
The primary institutions are:
The Commission is the executive, and is not an elected body. It proposes, and executes all policy, and is the budget holder. This is “who runs the EU” in the sense that a CEO and Directors run a company. That’s not an insult, it’s simply the facts of the Constitution.
The Council of Ministers consists of the Heads of Government of the EU27.It “decides direction of policy” (but not propose laws, and cant overrule the Commission) and sorta kinda appoints the Commission President. Except it doesn’t. It’s “complicated”. Depending on how you like your metaphors, the Council is equivalent to either the shareholders, or the Queen.
The European Parliament, is allowed to vote only on matters already discussed and proposed by the Commission. Its only powers are to request the policy to be amended and re-submitted (which it only rarely does) and it is not allowed to simply refuse when re-submitted. Although not an exact analogy, it is similar to our House of Lords.
The EU is a radically different political system, which inverts and re-allocates power between Civil Service, elected and appointed Houses. It happens to use words like “parliament”, but those words have very different meanings and weights to what we are familiar with. There are more types of democracy than you think, and the EU style inherits more from that of the Catholic Church and Holy Roman Empire than it does from Westminster.
"Out means out. No one (who loyally vote leave) cares about any of that stuff, just so long as the UK is no longer a vassal state of the EU and free from stupid Brussels rules and regulations that GB had absolutely no hand in crafting whatsoever."
Invoking Poe's Law.
A similar watch was banned in Germany last year.
It allowed the "parent" to listen in on the child at any time, including when they were with friends or in school - which is an invasion of privacy, under German law everybody who can be heard by the device must give their permission, before they can be listened to, as the device listens without warning, it was deemed illegal.
Parents had to return it to the retailer and get their money back or have it destroyed and get a certificate showing it had be correctly destroyed and disposed of.
A quarter of a century is not "ancient history". It's the gap between WW1 and WW2, for example, and you'd be a fool to suggest that the Germans had forgotten the former by the start of the latter. It is also less than the gap between WW2 and my childhood, during which I distinctly remember West Germany being an inspiring example of how *not* to forget the important stuff of history.
For those born after 2000, maybe. For those born in the 20th Century, the aftermath of facism and communism still runs very deep.
For those that grew up in the East, it is especially deep ingrained.
I have a friend who was a teacher at a school in the DDR and lost her Job because one of the other teachers was a Stasi spy and reported her less than euphoric opinion of the Party - she didn't say anything negative, she just wasn't positive enough on that one occassion. She lost her job and could never work as a teacher again.
For people who grew up not knowing whether their parents, their spouse or their children might be spying on them for the Stasi, it is easy to see how the population in general has a hard time coming to terms with governments or corporations spying on them.
That is why drones can't be flown over industrial or residential areas, why number plate recognition cameras are illegal in most states and why CCTV is generally frowned upon and only allowed under certain circumstances.
Dashcams are quasi illegal - you can only use them to record the last 30 seconds before an accident and you (theoretically) can't upload it to YouTube, you can't use it to report someone and if you do upload it, you have to make the numberplates unrecognisable.
Given that background, it is easy to understand why people are reticent to let Google & Co. track them.
My better half is a native German and when she is at a party and people make photos, she explicitly states that they do not have her permission to upload any photos with her in them to the Internet. No tech is allowed into the house with a microphone or camera, with the exception of a smartphone, the laptop and tablet have their cameras taped over.
You mean Teledildonics?
Can we get these people shut down or shut down bitcoin? People keep telling me Bitcoin is traceable. Obviously criminals don't think so.
I'm sure most people realise these emails are fake (usually).
However the possible financial opportunities for Teledildonics compared to Teddy Bears, smart watches, baby monitors or IoT such as Nest are amazing.
I suppose it's a change from people that may or may not be Nigerians offering commission on funds transfer.
---------------------------------------------------------------------------------
Hello!
I have very bad news for you.
03/09/2018 - on this day I hacked your OS and got full access to your account *******@*******.***
On this day your account *******@*******.*** has password: smagfest
So, you can change the password, yes.. But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $728 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1E5XMWQtyYnCY4LkLnjMtqBMQNnC1KS3m3
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (you yourself will see that this is impossible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Good luck.
It depends on where you put the emphasis - and where your mind is.
Is it Rap-Ex or Rape-X? I read it as the former for the first half of the article. The name probably got passed, because English is not the native language of most of the people involved.
Maybe if it had been called VergewaltigungX the Germans might have complained...
Should we just give the kids phones just like adults have?
You know, with the tracking apps by google and facebook, the map apps tracking location, the Find My Phone app that anyone can tap into (if they know who to ask). The phone that any ISM catcher can hear and see all the data that passes through. Maybe some Facetime so people can watch and listen to you all day.
To bad nobody protects the adults like the kids, our phones/tracking devices leak data as if - they - were - made - to........
> Find My Phone app that anyone can tap into (if they know who to ask)
err - if you know The Right Person (TM) you can trace any phone (assuming that person is happy to break the law) - there's a call trace function in the network used for legal intercept and also for network optimisation - if you know the right person in the Network Operations Centre, you can give them an IMSI or IMEI and it can be traced to a resonably high degree of accuracy. If you know The Right Person (TM), you could place a legal Intercept tap on the calls, but that person would probably pretty swiftly get sacked and arrested as these things are rigorously documented in logs. Regarding the Find My Phone feature, presumably you need to know The Right Person (TM) in Apple, or conceivable some naughty hacker who can get into the Apple account.
IMSI catchers? Well, they are about, and nefarious deeds can be done with them I'm sure, but they'll cost $1-2k to make at a minimum, and are localised in effect. Not sure they can access any data on the phone, as they operate lower down the protocol stack only, and the higher layers are all encrypted. The only way to get higher layer access is to also impersonate the core network (conceivable, as there are open-source implementations - it may be simply a case of setting the MNC/MCC correctly, but I suspect the phone might reject it due to different APN settings which would need provisioning - suspect you'd need cooperation from the network, which is why law enforcement can use them easily, and perhaps not so easy for tech-hacker-types)
Child tracking watches, IoT based toys, Smart phones, tablets, xbox or Playstation.
Dear Parents,
All of these options cannot replace you putting down your smartphone, tablet, xbox or playstation. Going outside and spending time with your children. Sort of like what parents did in the olden days. If you are too lazy to even think about this, or it terrifies you, why did you have kids in the first place?
The world doesn't need a whole generation of kids that were raised without parental involvement.
FozzyBear commemted:
"All of these options cannot replace you putting down your smartphone, tablet, xbox or playstation. Going outside and spending time with your children. Sort of like what parents did in the olden days. If you are too lazy to even think about this, or it terrifies you, why did you have kids in the first place?
The world doesn't need a whole generation of kids that were raised without parental involvement."
Your comment is very "Daily Mail" in it's nature.
... I'm in my 40s and can quite categorically say my parents didn't do this and I was left to my own devices - had a Commodore 64 to code, Amiga to play and Raleigh bikes to ride. I had technology - pretty much like the modern child now has a tablet or smartphone. I do spend time with my children outside and they are very active. I also take care to warn them of Internet dangers, show them how to be safe online and accept that I won't block them from something that they enjoy but show them how to be responsible and safe.
By age 5 or 6 my parents pretty much left me to entertain myself and to find things to do. My father worked three jobs, so he wasn't ever around, and my mom was pretty self absorbed. I found great pleasure picking through people's rubbish bins, bringing home any electrical devices that I found. This led to a lifetime of tinkering and a degree in Electronic Engineering but left me a little bit socially retarded. Fortunately I outgrew that awkward phase after college. Hopefully today's kids turn out at least as well as I did without their parents constant involvement in their lives.
"the guy" who wrote the spec presumably worked for the same company as "the guy" who made it (and presumably can equally blame "the guy" who wrote the list of features for the device that the specs would have been written from). "these guys" did not implement standard application and server security protocols and should be slapped around with laws to get it fixed
Rather than discontinue the watches, every child should issued one with small modification. Only removable with a special key and an electric shock function that can be controlled remotely.
" Timmy! It's time for your social alignment lessons"
"Aww but I wanna play fooAaaargh, I'm going now"
Bbzzzzt! " Ok ok I'm running there now, I love big brother!".
"...they have appealed to the authorities in charge with the demand that this test conclusion would be reversed."
So let me get this into my head:
Reported facts:
- the mobile application accompanying the watch has unencrypted communications with its backend server
- the server enables unauthenticated access to data
A malicious user can therefore:
- send commands to any watch
- can make any watch call another number of his choosing
- can communicate with the child wearing the device
- locate the child through GPS
But all that is OK because:
- This RAPEX announcement [is based] on a test in Iceland. --> not sure why a test in Iceland should be invalid - maybe because it is cold there?
- We think this test was excessive – not reasonable, material or fair – or, based on a misunderstanding or the wrong product (a previous version of the product, which is not in the market anymore) --> which of these excuses will work - none of them, certainly not for those who have already bought the flawed products.
- We, also, think, that the Test Conclusion of the Bundesnetzagentur is sufficient and rules --> just because one agency has apparently not found any holes in the product it does not follow that there are none - the reported facts clearly show that whatever tests were carried out were clearly not adequate to find the fundamental flaws.
It simply does not compute.
We think this test was excessive – not reasonable, material or fair – or, based on a misunderstanding or the wrong product (a previous version of the product, which is not in the market anymore
Interesting, so you knew about the previous versions having these problems. Didn't say anything and didn't fix the newer version?
Also if this is an old product and it's not on the market anymore, why are the backend servers still running?
Also if this is an old product and it's not on the market anymore, why are the backend servers still running?
Perhaps "not on the market any more" =/= "no longer used by anyone". Or put another way, you don't shut down the required infrastructure when the last unit goes out the warehouse door - unless you're Google and have just "terminated" Revolv hubs.
https://www.theregister.co.uk/2016/04/06/nest_kills_revolv/
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
