SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
17 Dec 2014

Hackers know how to access data sent between smartphones and smartwatches

Security experts at BitDefender demonstrated how is possible to access data exchanged between a smartwatch and a smartphone via Bluetooth.

The paradigm of Internet of Things is influencing modern society and the way it approaches the technology in everyday life.

An impressive amount of Intelligent devices surround us, but often we ignore the repercussion in term of security and privacy. The IoT devices are designed to improve our experience with technology, but we must consider thta they enlarge our surface of attack. Today we will discuss the risk related to the use of a Smartwatch that is able to dialog with an Android smartphone. A group of security researchers at BitDefender have demonstrated that the data sent between the Smartwatch and the Android mobile phone could be intercepted by an attacker that could be able to decode users’ data, including text messages to Google Hangout chats and Facebook conversations.

The attack is possible because the security of a Bluetooth communication between most Smartwatches and Android devices relies on a PIN code composed by six digits. But a secret code composed of six-digit has a “key space” composed of one million of possible key combinations, the bad news is that is can be quite easy to brute-force the code to access data exchanged on the secure communication.

The flaw is serious if we consider the rapid diffusion of smartwatch, and more in general of smart devices that use similar communication channels and mechanism to protect them. The experts at Bitdefender made a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running the super secure Android L Preview. The researcher demonstrated how to hack the communication by using sniffing tools available, the team was able to discover the PIN used to protect the Bluetooth connection between the smartwatch and the smartphone device.

Basically, the attacker tried all possible combinations of PIN value until finding the correct one that allowed them to monitor the data stream between the devices.

Below the video Proof-of-Concept for the attack:

To mitigate the attack, the experts suggest adoption of NFC pairing procedure in pin code exchange or the use of passphrases. The first suggestion required the adoption of NFC devices that add a supplementary layer of encryption at the application level, but this has an impact battery life due to extra encryption computations.

“Part of the mitigation process involves using NFC pairing when sending the pin code or the use of pass-phrases. Of course, there’s always the option of adding a secondary layer of encryption at the application level, but this might shorten battery life due to extra encryption computations.” states the blog post published by BitDefender.

The experts also highlighted that Over-the-air Bluetooth encryption is handled by the baseband co-processor, that is present in the majority of Android devices, but this baseband co-processor can be tampered with via over-the-air updates.

“Our research involved analyzing the raw traffic before being sent over the air via the baseband co-processor. This means that relying only on baseband co-processors to handle the encryption is not a fool-proof security mechanism. It also raises the question of how easy it is for someone to update the firmware on the baseband co-processor once a vulnerability is disclosed.”

Tags:
smart watches Bluetooth hackers Android
Source:
Security Affairs
2178
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015