Smartwatches for children have entered the mainstream: Advertised on the subway and sold by your cell provider, manufacturers are charging premium prices comparable to an entry-level Apple watch.

In exchange, parents are promised peace of mind: A safe, gentle introduction into the world of technology — and a way to call, text, and locate their child at any time.

But how much are the vendor's promises of safety, privacy, GDPR compliance, apps made in Europe and cloud servers in Germany actually worth?

We take you along the process of hacking one of the most popular children's watches out there, from gaining initial access to running our own code on the watch. Along the way, we find critical security issues at every turn. Our PoC attacks allow us to read and write messages, virtually abduct arbitrary children, and take control over any given watch.

Finally, we'll also talk about disclosure, funny ideas of what passes as a security fix, and how we can use what we found to build something better.