back to article Leaky child-tracking smartwatch maker hits back at bad PR

Kids' smartwatch-pusher Enox, whose Safe-KID-One watch was pulled by the European Commission, has hit back against the bad PR – with some rather unusual arguments. Citing an investigation by Icelandic infosec firm Syndis, the Commission this month outlined "serious" risks with the watch, which comes with GPS, a mic and a …

  1. Anonymous Coward
    Joke

    Watching your kid is good

    Having the whole world watch your kid is even better. More eyes, more safety.

    I therefore applaud Enox for doing their part to make children safer.

    1. Muscleguy

      Re: Watching your kid is good

      Speaking more generally one of the problems in the modern world is not enough eyes out there, by which I mean other kids. Back in the day when I was a wean then a sprog aged about 8 I would take myself down the docks for a spot of fishing. There would always be other boys there, older as well and there was a rough sort of care going on. Older boys would offer advice and give tips and ask where you were going if you got up to move further along the wharf for eg.

      There were lots of kids about, lots of eyes watching and we would often have three 2c pieces for the payphone or scrounging some discarded pop bottles for the deposit would soon garner them. Not quite cellphone like but anyone causing a worry would know a phone call to the cops by eyes bearers was a possibility.

      Now kids on their own out and about stick out like sore thumbs and all sorts of people rush towards them and how do you know if their intentions are benign?

      Back in the '90s in Outer London we would let out tweenage kids go round the end of the road on their bikes to the recycling bins, because we were NZ parents eager to give our kids responsibility and some freedom. The youngest came of her bike and just skinned a knee. Some busybody woman wouldn't let just come home and insisted her elder sister come and get us, leaving the youngest with this stranger woman. The eldest came back in a fluster 'a strange woman won't let her leave'. We hot footed it over there and she tried to tell us off for letting our kids out of our sight and we stopped her and made it plain that abducting our daughter was not on.

      If there had been legions of spawn on bikes, scooters or afoot they instead of her would have gathered round, decided a skinned knee was no odds and put her back on her bike.

      Was a it a Black Mirror episode I saw recently where a woman had a tracker put in her daughter's head connected to a tablet which in the end caused the teenage daughter to leave home for good after smashing the tablet. A scenario the mother had sought to avoid by wrapping her daughter in digital cotton wool. The neuroscience of it was pretty dodgy but the point was well made.

      We now have 18 year olds taken to University open days by their parents. My wife who does admissions and recruitment tells of how she regularly has to tell parents that privacy legislation means she is unable to tell them their spawn's test results or anything.

      Then we have the phenomenon of young people allowed away on their own for the first time and injuring and killing themselves in over risky situations because they have never been allowed to risk themselves in things like climbing trees etc so don't know how to assess risk in the way we did through bruises, skinned knees and even broken bones. The phenomenon of a classmate with a cast you could sign was a staple, worn as a badge of pride. I never managed one, perhaps because I have loose joints so tend to land floppier than most. I can also pop my shoulders out and back in again in flash of pain but no damage done. I did that a few times, x-rays and examinations showing the shoulder was back in while I knew for a fact it had popped out, I felt it.

      So no casts for me but plenty of personal risk assessment.

  2. chivo243 Silver badge
    Childcatcher

    "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

    Regular people don't stalk and abuse children. So he answered the question with it being asked. There are sociopaths and psychopaths doing exactly what he says normal people don't do...

    1. Version 1.0 Silver badge

      Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

      Sure, but is this actually happening? Yes it's a problem but what's the actual immediate risk here? Is it worse to have a 0.01% chance of the kids watch being hacked or a 0.01% chance to the kid getting lost in the wild woods? Are the risks even this balanced?

      Personally I think any parent would be dumb to rely on technology to maintain a kids safety but given that the parents almost always know where the kid is and the chance of the watch being hacked is quite small then this is just another bit of shouty internet junk.

      Life is a risk ... get used to it.

      1. Aristotles slow and dimwitted horse

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        I agree entirely. These same risks apply to every internet connected device, including every single smartphone which by my reckoning mostly all seem to : have telephony, tell the time, have a GPS etc etc.

      2. GnuTzu
        FAIL

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        The issue is a matter of pervs who shop the dark web for kiddie pics who will eventually create a market for hackers to sell certain kinds of services. And, don't forget nanny cams have already been hacked and exploited by pervs, so there's no reason to think these products are immune. Finally, anyone who thinks that pervs always work alone is a fool. Think ahead product makers; you are contributing to the creation of a whole new kind of dark and sick market.

        1. Mongrel

          Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

          "The issue is a matter of pervs who shop the dark web for kiddie pics who will eventually create a market for hackers to sell certain kinds of services."

          Not even that, while not a regular feature of the news there's still plenty of "Divorced parent of child ran to another country with them".

          Pervs & Paedos is the worst case (that the Daily Mail will happily sell you) but disgruntled relations are probably more of a danger

          1. GnuTzu

            Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

            "...but disgruntled relations are probably more of a danger."

            Yeah, I'll buy that. Family ties are a highly motivating factor and those ties get pulled on far more often.

      3. DropBear
        Devil

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        "Life is a risk ... get used to it."

        "...but instead of teaching your kids some responsibility and showing some yourself, why not bravely surveil their ever step with a (ludicrously insecure) GPS watch instead...!" Oh, do go on. It's beer o'clock anyway, we could all use a good laugh...

        1. Anonymous Coward
          Anonymous Coward

          Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

          "...but instead of teaching your kids some responsibility and showing some yourself, why not bravely surveil their ever step"

          Or every other step, or perhaps just watch them bounce randomly around as they are tracked with an accuracy of ±500 meters.

          They've been abducted...

          They're almost home.

          Abducted.

          Home.

      4. Anonymous Coward
        Anonymous Coward

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        "0.01% chance of the kids watch being hacked"

        Where's that statistic from? If it can be hacked then it can be hacked and should be fixed. A device that is designed for internet connectivity and tracking should be safe - even form a Data Protection point of view, let alone a moral one.

        The guy in this interview comes across as someone who just doesn't care at all if their products are not secure and that security isn't important. If a parent buys this watch for their child they might give them a bit more freedom than they otherwise would. So if it is not safe and the critical functions can be changed, even for a laugh, it should not be on sale.

        For instance if someone decide to find all the accounts in the local area and divert the emergency call to their mobile number. They could do it just to laugh at the child when there's an incident - pretty distressing and potentially a big safety issue. Or they could use it for more nefarious purposes and help to 'rescue' the child, even one that has been taught not to talk to strangers.

        A device where they take security seriously (actually seriously), code with secure principles as a priority and any flaws are acted on as quickly as possible through a responsible disclosure program - might still have issues arise but it probably wouldn't be removed from sale by the EU

      5. Anonymous Coward
        Anonymous Coward

        "Is it worse to have a 0.01% chance of the kids watch being hacked"

        And how do you keep that chance that low?

        If you want an example, you have a far bigger chance to be poisoned by food in US than in EU.

        Why? Because EU stricter regulations about food safety keep that risk far lower than in countries with laxer regulations. Sure, you can wait the number of poisoned people becomes high enough before acting, or you can prevent poisoning by checking before, prevent dangerous food reaching people, and recall it as soon as it is identified.

        The risk won't be evidently 0 - there will always be people trying to ignore rules, and other factors - but it will be still far lower than if rules, checks and recalls didn't exist.

        Nobody is saying this kind of device should not exist - but it must exist in a safe form - to keep risk at the lowest possible level. Otherwise to save a few euros most devices will be far riskier.

        1. Version 1.0 Silver badge

          Re: "Is it worse to have a 0.01% chance of the kids watch being hacked"

          but it must exist in a safe form - and the chances of that happening reliably are vanishingly small. You are far better off teaching your kids about the risks of the world and that most of the time it's easy to avoid them ... when I was a kid I would take off after breakfast and be all over the countryside until late afternoon ... than I'd return home and wait for my mum to walk me across the main road. My parents never knew where I was - on vacation I'd climb cliffs, run parkour-like in the 60's over all sorts of places - it scares me now to know what I did but as a kid I didn't care, I just knew not to break a leg when the tide was coming in. Kids are a lot smarter than adults.

      6. JohnFen

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        "Yes it's a problem but what's the actual immediate risk here?"

        Who knows? But if it were my child, I would absolutely not let them wear something like this. Perhaps the risk is low, but it still greatly exceeds the benefit.

      7. katrinab Silver badge

        Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

        If pædos don’t exist, you don’t need this watch. If they do exist, you don’t want this watch.

  3. Anonymous Coward
    Anonymous Coward

    "But, at this stage, this security is not 100 per cent available"

    OK, but 99%? 90%? at least, say, 85%? Something only very skilled, and very determinate hackers can break, with a lot of effort?

    This guy looks to deliver something with about 1% security, if not less. And the reasoning "Achieving 100% security is impossible, so no security is the same thing" is really fallacious.

    Start to fix you issues, and show the system is secure enough, then complain...

    1. Version 1.0 Silver badge

      Re: "But, at this stage, this security is not 100 per cent available"

      Has anyone ever built something that can not be hacked? Let's return to hourglasses .... oh wait, someone heated it and pulled it a little and the hourglass is running slow - it's been hacked!

      1. Anonymous Coward
        Anonymous Coward

        Re: "But, at this stage, this security is not 100 per cent available"

        If a car has a safety issue that only affects 1% of their cars should they recall them or just accept that all cars have problems, or at least might develop problems at some point.

        1. Anonymous Coward
          Devil

          Re: "But, at this stage, this security is not 100 per cent available"

          I think that if the vulnerability was in something that allowed to find expensive cars and drive away with them easily, much more people would be much more worried than about children...

          1. Cuddles

            Re: "But, at this stage, this security is not 100 per cent available"

            "I think that if the vulnerability was in something that allowed to find expensive cars and drive away with them easily, much more people would be much more worried than about children..."

            And yet you can find plenty of articles here pointing out that it is, in fact, possible to find and drive away with expensive cars very easily, and no-one either selling or buying them seems to care in the slightest.

          2. imanidiot Silver badge

            Re: "But, at this stage, this security is not 100 per cent available"

            Recent history has shown most expensive cars are ludicrously easy to hack into expensive cars and drive away with them. Very few people seem to give a shit.

      2. Anonymous Coward
        Anonymous Coward

        Re: "But, at this stage, this security is not 100 per cent available"

        Between "could be hacked only by determined skilled hackers with enough time and resources to find a a previously unknown vulnerability" and "can be easily hacked by a casual script kiddie" there is a big difference.

        If you can't understand it, you should stay away from any kind of software development.

        1. Doctor Syntax Silver badge

          Re: "But, at this stage, this security is not 100 per cent available"

          Between "could be hacked only by determined skilled hackers with enough time and resources to find a a previously unknown vulnerability" and "can be easily hacked by a casual script kiddie" there is a big difference.

          And all too often the big difference is only a matter of months - if that.

          1. Anonymous Coward
            Anonymous Coward

            Re: "But, at this stage, this security is not 100 per cent available"

            Sure, especially if your hardware/software is designed to be non updateable and you never thought to release updates anyway because they have a cost....

      3. Mephistro
        Facepalm

        Re: "But, at this stage, this security is not 100 per cent available"

        And this is a good example of the "all or nothing fallacy".

  4. Dan 55 Silver badge

    "a simple and cheap kids' watch"

    Not that simple as it has GPS and ticks the box in the marketing brochure, simple enough for abysmal security. Why do purveyors of IoShit always choose that sweet spot I wonder?

  5. Korev Silver badge
    Childcatcher

    Pantu the dog

    Having read this, I'm thinking of getting the Brass Eye DVD out this evening

    1. Zog_but_not_the_first
      Thumb Up

      Re: Pantu the dog

      Beat me to it. Chris Morris nailed this comprehensively.

      Shatner's bassoon etc.

  6. Alistair
    Windows

    Dammit you guys!!!!

    I got this thing I'm selling. Its my living you know. And it does the thing it says. So stop picking on me!!!! Its not that big a problem really!!! I've never met someone that could break into my kids watch thing!!! Stop picking on me!!!! I need to make a living here. Stop picking on me!!!!

    /sarc /whine

    In other words, basically, "I think its okay, what the hell is all this shit about standards? Why should I have to follow some sort of standard. I'm just trying to make a buck here."

    I'll bet he's read atlas shrugged. Twice. And made notes.

    1. Angry IT Monkey

      Re: Dammit you guys!!!!

      The guy must be pitching at naive parents who don't understand that a "Smart Watch" shouldn't have what their blurb boasts is a "Traditional Analogue Watch Face to Hide away the High Tech Construction".

      It also says you can track almost to the meter, which is somewhat at odds with his 500 meter range defence.

      Plus any kid can leave the tracker at a friend's house if they're going somewhere they've been told not to.

      Still, I'm sure their Safe Kid Two is much more secure, it has a pedometer.

      1. Doctor Syntax Silver badge

        Re: Dammit you guys!!!!

        "It also says you can track almost to the meter, which is somewhat at odds with his 500 meter range defence."

        Next thing he'll be complaining that you're expecting his marketing bumph to be true.

        1. DiViDeD

          Re: Dammit you guys!!!!

          Hey c'mon! 'almost to the meter', 'within 500 meter..'? they've both got 'meter' in them, so it's the same thing, innit?

          Del Trotter, 1976

      2. 's water music
        Childcatcher

        Re: Dammit you guys!!!!

        Still, I'm sure their Safe Kid Two is much more secure, it has a pedometer.

        This.

        Something that measures pedos is surely the kind of USP the target market will appreciate.

        Beep, beep, beep --->

    2. John Brown (no body) Silver badge

      Re: Dammit you guys!!!!

      I think the point I took from his "defence" is more along the lines of "don't worry about the security, it's a piece of shite that doesn't do what the marketing claims anyway. No biggie"

      1. imanidiot Silver badge

        Re: Dammit you guys!!!!

        Don't you worry about security, let me worry about blank!

        (Paraphrasing Steven Fry, Futurama, Episode: Futurestock, First aired 03/31/02 )

  7. This post has been deleted by its author

    1. Spamfast
      Facepalm

      Re: Iceland

      Coming from a tiny, ocean-surrounded country where everybody knows everybody just about

      It was an Icelandic security firm that found the security flaws.

      The firm that manufactures the watch is German. Germany has a population of 85 million and is part of the Shengen agreement so has no border controls with most of the the rest of the EU. That's maybe 400 million people.

      But anyway, to say everyone in Iceland knows everyone else is ludicrous. Iceland has a population of 350 thousand. Do you know that many people? How many people do you think you know well enough to trust with your kids? Fewer than a hundred I'd have thought. That's less than the population of many streets.

      Try checking things before posting - you might avoid coming across as a prat.

      1. Angry IT Monkey

        Re: Iceland

        According to their marketing it's manufactured in China to German standards, even seems to be a selling point. The server that holds all tracking data is housed in Germany. I hope the security is better than the watch.

        I don't even know all the people on my street, let alone the closest 350,000.

    2. Anomalous Cowturd
      Stop

      Re: Iceland

      "Coming from a tiny, ocean-surrounded country..."

      Iceland is 78% the size of England, so not exactly tiny. It also has a habit of sprouting new bits, so don't be surprised if it overtakes us in a few years. (Eons.)

      1. JohnFen

        Re: Iceland

        I assumed he was referring to population, not land area. I still disagree with him, but Iceland is indeed a tiny country population-wise.

    3. Anonymous Coward
      Anonymous Coward

      Re: Iceland

      "Icelandic banks are totally reliable" - they are when they are run by women, it's the banks run by macho men that crashed and burned ... maybe we'd be better off with a watch designed by women. Let's face it, us guys are doing a real crappy job at technology - just look around us.

      1. Spamfast
        Pirate

        Re: Iceland

        And when Icelandic banks do fail, they're held to account.

        When the banks fail in the UK, they get rewarded with hundreds of billions of pounds of taxpayers' money and the upper management and shareholders laugh all the way to the, erm, bank.

        That money has to be borrowed (see 'national debt') and guess who provides the loans?

        The VAT (purchase tax) rate was 'temporarily' increased in the UK during the last debacle to help to pay for all this and hasn't gone back down since. Guess who gets hit hardest by purchase taxes? It sure ain't the bank executives.

        Because times are hard, all workers get their wages frozen. "Sorry, we can't afford to give anyone a pay rise this year. Don't be silly. Of course that doesn't apply to the upper management. They're still going to get a 20% rise for doing such a good job this year."

      2. DavCrav

        Re: Iceland

        "they are when they are run by women, it's the banks run by macho men that crashed and burned"

        Name these Icelandic banks run by women, please.

      3. Richard 12 Silver badge

        Re: Iceland

        Iceland went effectively bankrupt during the 2008 financial crisis, so not quite sure what you're trying to say there.

        1. DiViDeD

          Re: Iceland went effectively bankrupt

          It certainly did, with the result that it is now a post apocalyptic wasteland, it's population homeless and starving, killing each other for the chance to lick the nourishment from a discarded fishskin..

          Oh, hang on, that might not be entirely the case.

          1. DavCrav

            Re: Iceland went effectively bankrupt

            "It certainly did, with the result that it is now a post apocalyptic wasteland, it's population homeless and starving, killing each other for the chance to lick the nourishment from a discarded fishskin..

            Oh, hang on, that might not be entirely the case."

            No, what they did was tell all business customers in foreign countries (i.e., many UK Councils) to piss off. Having lost all their reserves, many such councils are now mostly bankrupt.

            So yay.

  8. Paul Cooper

    Even when SA was enabled, the accuracy of GPS was not less than 50 metres. The 500 metre figure doesn't add up; no GPS could provide a position that bad!

    1. -tim

      There were some early mobile phone tower assisted GPS systems which lead to what is now called Augmented or A-GPS which use a cheap GPS receiver that sends the data to the tower for processing. The early versions of that were only good for about 500m at best. A real full Navstar GPS receiver must know its time down to 90 ns to even get a fix which means its knows its position to about 90 feet (90 light nano-seconds or about 30 meters) discounting signal reflections and atmospheric delays. GLONASS, Galileo and BeiDou are similar.

      1. Nick.

        You're missing the point. The accuracy of the GPS function provided is secondary...

        The PoS mouthpiece for this PoS product claimed that the GPS accuracy of the product was +/-500m and that that was well-known to those buying it, so they were not buying it for accurately locating their kids, and hence the bad guys could not either. However, the product's webpage at the company's official site https://www.enoxgroup.de/our-products/smartwatches/safe-kid-one/ and the "product sheet" for the watch, linked from that page both say "Through downloading of an APP in your Smartphone (QR Code included in the User Manual), you can locate and follow your Kid – almost to the Meter – on a GPS Map in your Smartphone". So, he is lying about the claimed accuracy of the GPS and what parents/purchasers presumably thought about their ability to "pinpoint" their kids' locations from using the watch and app. These claims speak to the veracity and credibility of the company, which is obviously deeply questionable. It is, at a minimum, obvious that Enox is a compamy that makes/markets "high tech" products (actually, probably mostly re-badges and markets other people's products, right?) without much clue about broader issues of such 'high tech" than how to maximize the profit it makes...

  9. Pascal Monett Silver badge
    FAIL

    "the accuracy of the watch was only +/- 500m"

    So not only is he selling a piece of shit GPS, he's also selling one that is not secure ? And it's not a problem because you can't have 100% security ?

    I'd really like to ask him if he has a lock on his door and, if so, why.

    Not going up in my esteem is the least I can say.

  10. Doctor Syntax Silver badge

    Reductio ad absurbam

    "Instead, he pointed to a one-page assessment from the German federal agency Bundesnetzagentur that the watch didn't violate that country’s Telecommunications Act."

    I once had to investigate a case where a home-made roof ladder broke. I'm sure it didn't violate any country's Telecommunications Act but unfortunately that didn't help. The bloke who fell off the ladder was killed.

    1. Anonymous Coward
      Anonymous Coward

      Re: Reductio ad absurbam

      I'm quite sure that assessment was the usual paperwork saying the device used the correct frequencies, didn't violate any transmission power limits, and abode to relevant standards. Nothing to do with "cybersecurity".

  11. Anonymous Coward
    Anonymous Coward

    As my grandmother used to say

    stupid is not the one who's selling the crap, it's the one who buys it.

    1. Spamfast
      Headmaster

      Re: As my grandmother used to say

      As my Latin teacher used to say more succinctly, "caveat emptor."

    2. Anonymous Coward
      Anonymous Coward

      Re: As my grandmother used to say

      Take your time young man

      Don't you rush to get old

      Take it in your stride

      Live your life!

      Live your life!

      Oh-oh...

  12. JohnFen

    Effectively an admission

    Such weak and ridiculous defenses tell me that they can't come up with even a halfway reasonable-sounding defense. That's essentially an admission of fault.

  13. Matthew Anderson

    Ting is, he's right. Although now the media has a hold of this, technical peados may at this very moment be attempting to hack said watches to follow children, instead of actually just.... following children. Security by obscurity used to be a ting, until we published everydamnting.

    Perhaps this is a good ting. Instead of just coming along in your white van and lifting a kid into the back of it as normal, now we should be on the lookout for watch hackers. New set of rules for schools to follow. Ignore white van, but watch out for.... I seen a guy with an IoT bear the other day looking shifty, roll out the stingers and set a curfew.

  14. TrumpSlurp the Troll
    Trollface

    Ratners Defence

    Well, it's a piece of crap anyway.

    Is this supposed to reassure parents and dissuade them from suing?

  15. the Jim bloke

    So Prior to the sale of these devices

    ..wannabe child molesters of whatever flavour had to track down their details by direct observation, or trawling social media.

    Are the details of these devices in a single database, or searchable in some fashion that allows the crim to say, "hmmm, I feel like a 7 year old tonight, lets take a look through Kid-E-Traks GPS records" ?

    I mean, apart from the abysmal device security, does it also (fail to) contain 'personally identifiable information' that makes life more convenient for such predators?

    If its only another shitty leaky IoT ripoff device, then all the OMG THINK OF THE CHILDREN !!!! is misplaced sensationalism, and its not particularly worse than any of the others, however, if there is an access-able database of users, or a specific range of addresses or mobile numbers associated with the devices, and child predators can use this knowledge to improve their predations... THEN the threat level is actually meaningful.

    1. Richard 12 Silver badge
      FAIL

      Re: So Prior to the sale of these devices

      Yes, there is such a database. They market it as being located in Germany.

      Given their general attitude to security, one assumes that database is live replicated all over PaedoNet and searchable by anyone who has enough PaedoCoin.

      You'd think someone would vaguely skim GDPR and security best practice before launching a device that has "I Am I Target" painted on it in such large red letters, but Internet Of Insecure Shite does seem to attract this kind of insanity.

      He should think himself lucky that his product was merely banned, rather then the other legal (and extra-legal) responses one can think of.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like