Exploit: Unauthorized database access
iStaySafe Pty: GPS smartwatch for children
Risk to Small Business: 2.434 = Severe
This product lets parents track their child’s location and alerts them if the child leaves their designated safe location – but a coding error allowed hackers to download users’ personal data and mimic their location on the service. This dangerous vulnerability not only disrupted that functionality, it also gave hackers access to minors’ location and personally identifiable information. To make matters worse, this is the second time that the watchmaker has experienced this flaw. The same problem was discovered and repaired in 2019, raising serious questions about the platform’s commitment to cybersecurity.
Individual Risk: 1.899 = Severe
The breach allowed hackers to access users’ names, email addresses, phone numbers, and profile photos. In addition, bad actors could modify minor children’s location data. This information could be used to craft spear phishing campaigns or for exploitative criminal purposes, so users should be especially vigilant to assess their use of the product.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority.
Source:
https://www.bankinfosecurity.com/australian-kids-smartwatch-maker-hit-by-same-bug-again-a-14046