According to the BBC, a security researcher discovered that the location tracking smartwatches MiSafe sold do not encrypt data, nor secure children’s accounts making it possible to track any watch and spoof phone calls to watches that appeared to be from parents.
All that was required to see account information evidently was to change the associated ID number and then you had access to another account which might include photos of the child, name, gender, birthday, height and weight, parent’s phone numbers, and the phone number of the kid’s watch.
The security researcher called it one of the simplest hacks he’d ever seen and not at all complicated.
They purchased some watches and found it was also possible to remotely turn on the mic and listen, and track current and past location, and alter the safe zones which you could expand and then remove a child from those areas.
They attempted to contact MiSafe and received no replies. The watches are evidently still for sale on MiSafe’s site.