MyFirst Kids Watch Hacked. Access to Camera and Microphone

Original link: https://www.kth.se/en/om/nyheter/centrala-nyheter/kth-studenten-hackade-klocka-for-barn-1.1461249

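Gustaf Blomqvist's thesis reveals serious security vulnerabilities in a popular children's smartwatch. He found an easily accessible, insecure network service that allows full control of the device over the internet, including the camera, microphone and messaging functions. This opens the door to potential abuse such as eavesdropping and denial-of-service attacks. Blomqvist deliberately chose a popular, feature-rich watch, underlining that devices sold on children's *safety* are often surprisingly vulnerable. His research shows that hacking is not "magic" but a process of systematically mapping a system and identifying its vulnerabilities. Professor Pontus Johnson highlighted the broader implications, noting that the findings underline how widespread vulnerabilities are in software-based systems and how difficult those systems are to secure, which may affect critical digital infrastructure. The thesis is a stark warning about the security risks of connected devices, even those designed specifically for children.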

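A student at KTH Royal Institute of Technology discovered serious security vulnerabilities in the MyFirst Fone R1s children's smartwatch. His research, documented in detail in a thesis titled "Ethical hacking of a Smartwatch for Kids", revealed 17 vulnerabilities that allow full remote access over the internet. Attackers can exploit these vulnerabilities to access the camera and microphone, read and send messages, and even launch denial-of-service attacks. The student also found pre-installed malicious code that transmits device data to a remote server, and that the update mechanism is vulnerable. Although the issues were reported to the manufacturer, communication has broken off. Experts note that small companies often lack strong security resources, underlining the need for regulations such as the upcoming EU Cyber Resilience Act (fully implemented in 2027) to improve the security of connected devices, especially those aimed at children's safety.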
Original article

– revealing serious security flaws

Gustaf Blomqvist discovered a serious vulnerability in a smartwatch designed for children. (Photo: Private)

Published Mar 04, 2026

The smartwatch for children that Gustaf Blomqvist hacked in his thesis turned out to be a security disaster. The watch had an insecure network service that anyone could access via the internet.

"As an attacker, you can then take complete control of the watch and use everything it has. There are lots of scenarios where the watch can become a security risk and where it can be used for denial-of-service attacks, which is a major social problem," he says.

In his thesis, "Ethical hacking of a Smartwatch for Kids: A Hacker's Playground", Gustaf Blomqvist demonstrates how easy it is to hack a smartwatch for children. Smartwatches for children have been hacked before, so Gustaf Blomqvist chose a watch that was different from those that had been hacked previously.

He also based his choice on several criteria: the watch had to be popular and have a lot of functionality, as this meant there were more attack surfaces. Smartwatches for children are also sold with safety as a key selling point, so parents can feel secure and stay in touch with their children.

"At the beginning of my work, I found out what was inside the watch, what hardware and systems it had. I also drew inspiration from other hacked watches to understand what potential vulnerabilities might exist," he explains.

"May seem like magic"

When hacking, you need to map out the system, understand how it works, and how you can interact with it. This information serves as the basis for identifying any weaknesses that may exist. Once the weaknesses have been identified, they are prioritised, checked for accuracy and combined as necessary.

"Hacking may seem like magic, but it's all about technology, and as a hacker, you need to have a good technical understanding of systems," he says.

Gustaf Blomqvist found a serious vulnerability in an attack surface that no one had previously examined, and also gained access to the camera, microphone, and speakers. He was even able to send messages and eavesdrop on the surroundings.

Difficult to secure

"This shows that there is still a security problem with these watches that are intended for use by children," he says.

Pontus Johnson, professor of network and systems engineering, believes that what Gustaf Blomqvist's thesis reveals is serious.

"Society at large needs to understand how vulnerable software-based systems are and how difficult it is to secure them. The really serious thing is that millions of other systems are just as vulnerable and that our digital infrastructure, even the critical parts, suffers from an incredible number of vulnerabilities," he says.

Text: Emelie Smedslund
