An Australian company behind a GPS tracking smartwatch for children backed to the tune of $1 million by the Queensland government has been found to be vulnerable to a security flaw that computer security researchers say allowed them to track a child, make them appear in another location, call them, and listen to them - without any interaction from the user.

It's every parent's worst nightmare: discovering the smartwatch tracking device you bought to protect your child could be used instead by a stranger to stalk them.

TicTocTrack founder Karen Cantwell with son Hunter, from an interview with Nine's Today show in 2014. Credit:Nine

But that's the reality confronting those who purchased the $210 smartwatch marketed by Australian mother Karen Cantwell, from Brisbane, who is behind the TicTocTrack device.

The company sent an email to users about the issue on Monday afternoon explaining why it would temporarily shut down its service after Ken Munro, a computer security researcher from Britain, told it of the flaw over the weekend. Mr Munro also worked with Troy Hunt, another researcher from Brisbane, to uncover the vulnerability and demonstrate how "trivial" it was to exploit.