"I wouldn't want that kind of functionality in a device produced by a company like that."
The X4, a smartwatch designed for kids, apparently has disturbingly-weak security.
With a single encrypted text, a security researcher was able to gain access to the X4 and tap its real-time location, take pictures with its camera, and even record audio, Ars Technica reports. The flaws in the watch show that security flaws don't just affect adults — and the choices parents make about their kids' tech usage can have far-reaching consequences.
Qihoo 360, a Chinese firm with ties to the Chinese government, developed the watch along with the Norwegian children's watch company Xplora. When used as designed, the X4 is supposed to give parents ways to keep an eye on their kids, both through location tracking and by letting kids send their parents an SOS signal that also transmits their geographic data.
Unfortunately, those same features can be exploited by a bad actor trying to track kids instead.
"I wouldn't want that kind of functionality in a device produced by a company like that," Harrison Sand, the Mnemonic security researcher who found the exploits, told Ars.
In response to the exploit, Xplora argued that getting backdoor access to a kid's X4 watch would take a serious effort, because it requires the hacker to know both the phone number and encryption key linked to the watch. And while Sand was able to take a picture without the watch's screen even lighting up, images are uploaded to an Xplora server that would also need to be hacked into.
But that said, it reveals just how risky kid-monitoring tech can be. And breaking in wouldn't be an impossible feat, especially for someone with ties to Xplora or Qihoo 360, Ars reports.
READ MORE: Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch [Ars Technica]
More on cybersecurity: Smart Toys Often Contain Child-Endangering Security Flaws