Smartwatch security flaw could lead to overdoses and deaths

Dementia patients who use a popular mobile app designed to work with smartwatches and GPS tracking devices could accidentally overdose on their medications due to a string of security flaws in the app.

Security researchers at Pen Test Partners have discovered several flaws affecting the SeTracker and SeTracker2 apps, which are available for both Android and iOS and run on, among other things, smartwatches designed for people with dementia.

Serious flaws

The apps, created by China-based 3G Electronics, tell millions of vulnerable users when to take their tablets and complete certain tasks. They are also used to interact with smartwatches for children and with GPS vehicle trackers. 

However, the researchers have warned that the SETracker applications contain serious security flaws that could let hackers gain access to millions of smartwatches used by dementia patients. 

They said: “The SETracker platform supports automotive trackers, including both car and motorcycle, often embedded in audio head units, and dementia trackers for your elderly relatives. The vulnerabilities discovered could allow control over ALL of these devices.”

Pen Test Partners also shot a video of their proof-of-concept exploit in action.

Deadly consequences 

In their investigation, the researchers found an unrestricted server-to-server API in the apps, and as a result were able to do things like make calls, send messages, spy on devices, send fake messages, stop a car engine and access cameras.

But one activity that could have potentially life-threatening consequences is telling a vulnerable user to take their medication.

The researchers warned: “These watches are not just marketed at children. Many use them for elderly relatives or family members with dementia. 

“It is trivial to send a command to the watch that prints ‘TAKE PILLS’ on the screen, which could result in dementia patients ‘over dosing’ on their medication, which may be life-threatening.”

The researchers were also able to view the apps' source code, which was publicly accessible. As a result, hackers could access things like:

  • MySQL passwords on all databases
  • Aliyun (Alibaba Cloud) file bucket credentials (an Amazon S3 equivalent with ALL their pictures)
  • Email credentials
  • SMS credentials
  • Redis credentials (for an open-source database platform)
  • IPs (Internet Protocol addresses) and services of 16 servers
  • The entire server-side source code for SETracker.
  • The default password "123456", which is hard-coded in the source code, although there is a way for a user to change this.

Fixing the issue

After Pen Test Partners alerted the app maker of these flaws, the vulnerabilities were patched.

Pen Test Partners confirmed: “We contacted 3G Electronics to ask them to shut down the API, given our (and others') previous efforts to disclose vulnerabilities [with which] we didn’t expect to have much success.

“Surprisingly, within 4 days from the initial disclosure, 3G Electronics had modified the server-to-server API by restricting it to specific IP’s.”

Devices like smartwatches are often affected by security flaws and are subsequently targeted by hackers. Users are advised to create unique passwords for app credentials, to purchase only reputable devices, and to ensure their apps are up to date.
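The fix quoted above, restricting a server-to-server API to specific IPs, can be sketched as follows. This is an added example, not code from 3G Electronics or Pen Test Partners: the addresses are constructed documentation ranges, and `PEER_ALLOWLIST`, `TRUSTED_PROXIES` and the function names are assumptions. It also covers the case where a caller supplies its own X-Forwarded-For header to pose as an allowed peer.

```python
import ipaddress
from typing import Optional

# Constructed sample values (documentation ranges), not the vendor's real addresses.
PEER_ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.5/32")]


def _normalise(addr: str):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in(ip, networks) -> bool:
    return any(ip in net for net in networks)


def caller_ip(socket_peer: str, forwarded_for: Optional[str] = None):
    """Return the address that the allowlist decision is made on.

    X-Forwarded-For is set by the client, so it is honoured only when the TCP
    peer is one of our own proxies, and then only its right-most entry (the
    one that proxy appended).
    """
    peer = _normalise(socket_peer)
    if forwarded_for and _in(peer, TRUSTED_PROXIES):
        return _normalise(forwarded_for.split(",")[-1])
    return peer


def is_allowed(socket_peer: str, forwarded_for: Optional[str] = None) -> bool:
    """Fail closed: malformed input or an unlisted caller is rejected."""
    try:
        return _in(caller_ip(socket_peer, forwarded_for), PEER_ALLOWLIST)
    except ValueError:
        return False
```

An address allowlist narrows who can reach the endpoint but does not authenticate the caller, so it is normally paired with per-peer credentials such as mutual TLS or signed requests.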

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
