A KTH Royal Institute of Technology student uncovered severe vulnerabilities in a children's smartwatch, exposing camera, microphone, and speaker access to potential attackers. Gustaf Blomqvist's thesis revealed how the device's insecure network service allowed complete control through the internet.

Blomqvist chose this particular watch for his research because it was popular, feature-rich, and marketed with safety as a key selling point. His analysis began by examining the hardware and systems inside, then drawing inspiration from previous smartwatch hacks to identify potential attack vectors. The watch's multiple attack surfaces made it particularly vulnerable.

Once inside the system, Blomqvist gained access to the camera, microphone, and speakers, and could even send messages and eavesdrop on the surroundings. Professor Pontus Johnson emphasized the broader implications, noting that millions of similar systems suffer from comparable vulnerabilities. The research demonstrates that despite marketing claims, these devices remain fundamentally insecure, creating serious risks for children who wear them.