You Can Easily Tap into Smartphone-to-Smartwatch Communication, Discovers Security Firm
Insecure smartphone to smartwatch communication:
Wearables have been designed to completely mirror our lives on smartphones. From app data to emails and SMS, every notification is sent out to smartwatches for easy and prompt access. However, is that data secure? While tech giants like Facebook, Twitter, Google and others have increased security measures over the years, have OEMs made this communication secure enough, or is it putting our data at risk?
Romania-based security firm Bitdefender found in its research that with "a little ingenuity and some open-source tools," it is quite easy to hack into smartphone-to-smartwatch communication and access everything in plain text. The security researchers have released a proof-of-concept video demonstrating how easily a cyber criminal can hack into the data transmission between a smartphone and a wearable. The tapping is possible because Bluetooth communication between the two devices depends on the security of a six-digit PIN. Using a brute-force technique, a hacker could easily expose entire communications and conversations in plain text.
Over-the-air Bluetooth encryption is handled by the baseband co-processor, built into most Android devices. Previous research has proven that this baseband co-processor can be tampered with via over-the-air updates.
Our research involved analyzing the raw traffic before being sent over the air via the baseband co-processor. This means that relying only on baseband co-processors to handle the encryption is not a fool-proof security mechanism. It also raises the question of how easy it is for someone to update the firmware on the baseband co-processor once a vulnerability is disclosed.
Devices / OS used in this research:
Bitdefender suggests using Near Field Communication (NFC) to safely transmit data and the PIN code from smartphone to smartwatch. However, as the report also points out, it may have an impact on battery due to an additional layer of encryption.
- You can access the complete report and details here