How GPS tracking devices designed to protect children ‘can be used by STALKERS to follow their every move’
- TicTocTrack temporarily suspended its service due to a potential security flaw
- The company released an email to users on Tuesday saying it was investigating
- Researchers in the UK and Brisbane found anyone could access a user’s location
A GPS tracking device has temporarily shut down its service after researchers found a flaw that would allow anyone to track a user’s location.
TicTocTrack alerted customers it would suspend its service on Tuesday afternoon until it can confirm the ‘validity’ of the flaws and subsequently fix them.
In an email alerting the company, computer researchers Ken Munro and Troy Hunt said they discovered the software failed to ‘correctly check that the person logged into the account is the person authorised to access that data,’ The Age reported.
‘As a result, anyone can access anyone else’s data,’ the email said.
The company announced it would be offering customers refunds on subscriptions if they are unable to resolve the potential issue.
TicTocTrack alerted customers it would suspend its service on Tuesday afternoon until it can confirm the ‘validity’ of the security flaws
The $210 smartwatch was designed to keep children safe by allowing parents to track their location using the app on their phone or computer (stock photo)
‘We would like to confirm that to this day, there has never been a security breach that has lead (sic) to our customer’s personal data being used for malicious purposes,’ founder Karen Cantwell said in an email.
‘Our dedicated team are constantly working to improve our software and make it as safe as possible for all our users.’
The $210 smartwatch was designed to keep children safe by allowing parents to track their location using the app on their phone or computer.
The full service plan, which requires a SIM provided by Telstra, is only $19.99 a month and includes unlimited data, texts to the watch, and app access.
In a blog post demonstrating the software vulnerability, the tracker was found to have ‘leaked’ kids’ position in real time and allegedly ‘allowed anyone to silently listen to children through the watch.’
Hunt tested the service with his daughter Elle, six, and posted a video showing how easy it was for a ‘stranger’ to contact her through the watch.
‘Even for me, that video is creepy. It required zero interaction because [other party] was able to add himself as a parent and a parent can call the device and have it automatically answer without interaction by the child,’ he said.
Mrs Cantwell said the company hopes to restore service by Wednesday.
Researchers in the UK and Brisbane found anyone could access a user’s location