A vulnerability in the API allowed GPS tracking of third-party clocks

Many tech-savvy parents may have come across the so-called Xplora smartwatch. This is a very popular smartwatch for children, which is also sold by Telekom in this country and which, among other things, allows the clock to be located via GPS. According to a report on GitHub, a recently patched security leak in the associated app’s API allowed an attacker to determine not only the GPS location of their own watch, but also that of contacts who also have an Xplora watch. which is in the child’s watch have been filed. The discrepancy was only discovered when a user attempted to connect the Xplora to HomeAssistant, our tipster Sebastian continues. As already mentioned, the discrepancy has probably been corrected in the meantime and, according to the operators of the app, it should not have been exploited.

This article contains affiliate links, so we mark it as advertisement. By clicking on it, you will directly access the supplier. If you decide to make a purchase there, we will receive a small commission. Nothing changes in the price for you. Thank you for your support!