March 4, 2026
Baby’s first spyware?
MyFirst Kids Watch Hacked. Access to Camera and Microphone
Parents panic, hackers yawn, EU promises rules while kids’ cams stay wide open
TLDR: A researcher easily hijacked a popular kids’ smartwatch, gaining control of its camera and microphone. Commenters mixed outrage with jokes and pushed for the EU’s Cyber Resilience Act, arguing this isn’t a one‑off — it’s a warning that children’s “smart” safety gear can be dangerously insecure.
A KTH student just turned a children’s smartwatch into a creepy remote baby monitor, and the internet is losing it. Gustaf Blomqvist found an online backdoor that let him take over the MyFirst Fone R1—camera, mic, speakers, the works. The crowd’s split: some are clutching pearls, others shrugging “we told you.” One user summed it up with tabloid flair: “found 17 vulnerabilities and full remote access” — and yes, parents are now side‑eyeing that “safety” pitch.
Drama hit fast. One commenter blasted the dead source link and called it “AI slop,” then dropped the name: MyFirst Fone R1, from Singapore — cue the meme: “find my first upon your device.” Meanwhile, policy fans cheered the EU’s CRA (Cyber Resilience Act) — a new rulebook meant to force companies to ship secure gadgets — while old‑timers reminded everyone this isn’t new, pointing to past hacks like Xplora and a Swedish TV exposé featuring the same professor. The mood: parents feel duped, hackers roll their eyes, regulators say help is coming. The big fear? If a toy watch can be hijacked, imagine the rest of our “smart” stuff. As one prof warned: millions of systems are just as fragile — and kids’ privacy is the collateral.
Key Points
- •A children’s smartwatch had an insecure network service accessible via the internet, enabling full remote control.
- •Gustaf Blomqvist’s thesis demonstrated access to the device’s camera, microphone, and speakers, and the ability to eavesdrop and send messages.
- •The researcher mapped hardware and systems, identified and prioritized weaknesses, and validated exploits.
- •The findings indicate ongoing security problems in kids’ smartwatches marketed as safety devices.
- •Professor Pontus Johnson stressed that software-based systems are highly vulnerable and difficult to secure, with broader infrastructure implications.