The European Commission has ordered the recall of a children’s smartwatch because it leaves them open to being contacted and located by attackers. In its recall alert, the Commission said the Enox Safe-Kid-One device posed a “serious” risk. Data sent to and from the watch was unencrypted allowing data to be easily taken and changed, it said. Enox said the decision was “excessive” and added that it had appealed against the ruling. The recall is believed to be the first issued because a product does not protect user data. “A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS,” wrote the Commission in its alert notice. It has directed public authorities across Europe to recall the product from end users. Enox founder Ole Anton Bieltvedt told reporters that the watch had passed tests carried out by German regulators last year allowing it to be sold.
The version the Commission tested was no longer on sale, he added. Enox planned to lodge an appeal with Iceland’s consumer protection regulator which had complained about the watch to the Commission. Mr Bieltvedt said Enox’s distributor in Iceland had made a “strong protest” and “they have appealed to the authorities in charge with the demand that this test conclusion would be reversed”. The Enox device comes fitted with GPS, a microphone and speaker and has a companion app that lets parents oversee the location of the wearer and contact them. Tests by security researchers on popular smartwatches aimed at children last year revealed some of their shortcomings. The security experts found it was easy to track children as the watches did a poor job of encrypting data or checking who was logging information. In November 2017, Germany banned smartwatches for children saying they were “spying devices”.