by Lisa Vaas
We’re sort of accustomed to Google Maps shenanigans, but usually they’re funny, and/or cat-obsessed.
Like, say, the New Zealand map-cat behemoth that was for a time stretching off one side of Auckland’s Hobson Bay Walkway over to where its head was nearly touching the northwestern section of the trail: a full 250 meters of “ha-HA, Google, take THAT with your user-editable maps!”
But there’s lately been some map mischief with a far more serious intent: a German researcher who tried for over a year to get a smartwatch vendor to respond to vulnerability reports has tried to get the vendor’s attention by cyber-vandalizing the tracking maps of hundreds of GPS watches by printing the word “PWNED!” on them.
The researcher, Christopher Bleckmann-Dreher, has been trying to draw attention to over 20 models of GPS-tracking watches, some of which are used by children and the elderly, that he says are vulnerable to attackers.
They’re manufactured by the Austrian company Vidimensio. As Dreher outlines in his “Watchgate” slide deck (PDF), the watches have vulnerabilities that include communications with a backend API that allow eavesdropping and tracking of users, as well as allowing for data stored on the API server to be altered and for strangers to issue commands to users’ watches.
This is the timeline for what the security researcher says is the vendor’s failed fixes:
October 2017: A string of issues with kids’ smartwatches kicked off with the Norwegian Consumer Council’s (NCC’s) report that looked at four models and found that they were giving parents a false sense of security. Some features, such as the SOS panic button and the geofencing alerts to keep track of kids’ whereabouts, didn’t work reliably.
Most worrying of all, the NCC found that through …
Author: Lisa Vaas