Smartwatch Hacked, how to access data exchanged with Smartphone

Pierluigi Paganini December 11, 2014

Security experts at BitDefender demonstrated how is possible to access data exchanged between a smartwatch and a smartphone via Bluetooth.

The paradigm of Internet of Things is influencing modern society and the way it approaches the technology in everyday life.
An impressive amount of Intelligent devices surround us, but often we ignore the repercussion in term of security and privacy. The IoT devices are designed to improve our experience with technology, but we must consider thta they enlarge our surface of attack.

Today we will discuss the risk related to the use of a Smartwatch that is able to dialog with an Android smartphone.

A group of security researchers at BitDefender have demonstrated that the data sent between the Smartwatch and the Android mobile phone could be intercepted by an attacker that could be able to decode users’ data, including text messages to Google Hangout chats and Facebook conversations.

The attack is possible because the security of a Bluetooth communication between most Smartwatches and Android devices relies on a PIN code composed by six digits. But a secret code composed of six-digit has a “key space” composed of one million of possible key combinations, the bad news is that is can be quite easy to brute-force the code to access data exchanged on the secure communication.

The flaw is serious if we consider the rapid diffusion of smartwatch, and more in general of smart devices that use similar communication channels and mechanism to protect them.

The experts at Bitdefender made a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running the super secure Android L Preview. The researcher demonstrated how to hack the communication by using sniffing tools available, the team was able to discover the PIN used to protect the Bluetooth connection between the smartwatch and the smartphone device.

smartwatch samsung_gear_live_specs

Basically, the attacker tried all possible combinations of PIN value until finding the correct one that allowed them to monitor the data stream between the devices.

Below the video Proof-of-Concept for the attack:

To mitigate the attack, the experts suggest adoption of NFC pairing procedure in pin code exchange or the use of passphrases. The first suggestion required the adoption of NFC devices that add a supplementary layer of encryption at the application level, but this has an impact battery life due to extra encryption computations.

“Part of the mitigation process involves using NFC pairing when sending the pin code or the use of pass-phrases. Of course, there’s always the option of adding a secondary layer of encryption at the application level, but this might shorten battery life due to extra encryption computations.” states the blog post published by BitDefender.

The experts also highlighted that Over-the-air Bluetooth encryption is handled by the baseband co-processor, that is present in the majority of Android devices, but this baseband co-processor can be tampered with via over-the-air updates.

Our research involved analyzing the raw traffic before being sent over the air via the baseband co-processor. This means that relying only on baseband co-processors to handle the encryption is not a fool-proof security mechanism. It also raises the question of how easy it is for someone to update the firmware on the baseband co-processor once a vulnerability is disclosed.”

Pierluigi Paganini

(Security Affairs –  smartwatch, Internet of Things)

you might also like

leave a comment