Overview
- TU Darmstadt’s SEEMOO lab reports that private chats, images and voice notes between the parent app and the watch can be accessed, with attackers able to send messages as the child and spoof locations.
- A master’s thesis by Malte Vu, supervised by Nils Rollshausen, enabled developer mode and software extraction that revealed the systemic key vulnerability.
- The team disclosed the findings to Xplora in May 2025 after which partial mitigations in August and October did not eliminate the root weaknesses.
- The researchers involved Germany’s Federal Office for Information Security (BSI) and have now made the results public to highlight ongoing risk.
- Xplora says a comprehensive security update will roll out in January 2026 alongside a revised vulnerability-reporting program, and experts urge parents to rely on independent security assessments.