Smartwatch Hacked, how to access data exchanged with Smartphone

Security experts at BitDefender demonstrated how is possible to access data exchanged between a smartwatch and a smartphone via Bluetooth.

The paradigm of Internet of Things is influencing modern society and the way it approaches the technology in everyday life.
An impressive amount of Intelligent devices surround us, but often we ignore the repercussion in term of security and privacy. The IoT devices are designed to improve our experience with technology, but we must consider thta they enlarge our surface of attack.

Today we will discuss the risk related to the use of a Smartwatch that is able to dialog with an Android smartphone.

A group of security researchers at BitDefender have demonstrated that the data sent between the Smartwatch and the Android mobile phone could be intercepted by an attacker that could be able to decode users’ data, including text messages to Google Hangout chats and Facebook conversations.

The attack is possible because the security of a Bluetooth communication between most Smartwatches and Android devices relies on a PIN code composed by six digits. But a secret code composed of six-digit has a “key space” composed of one million of possible key combinations, the bad news is that is can be quite easy to brute-force the code to access data exchanged on the secure communication.

The flaw is serious if we consider the rapid diffusion of smartwatch, and more in general of smart devices that use similar communication channels and mechanism to protect them.

The experts at Bitdefender made a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running the super secure Android L Preview. The researcher demonstrated how to hack the communication by using sniffing tools available, the team was able to discover the PIN used to protect the Bluetooth connection between the smartwatch and the smartphone device.

Basically, the attacker tried all possible combinations of PIN value until finding the correct one that allowed them to monitor the data stream between the devices.

Below the video Proof-of-Concept for the attack:

To mitigate the attack, the experts suggest adoption of NFC pairing procedure in pin code exchange or the use of passphrases. The first suggestion required the adoption of NFC devices that add a supplementary layer of encryption at the application level, but this has an impact battery life due to extra encryption computations.

“Part of the mitigation process involves using NFC pairing when sending the pin code or the use of pass-phrases. Of course, there’s always the option of adding a secondary layer of encryption at the application level, but this might shorten battery life due to extra encryption computations.” states the blog post published by BitDefender.

The experts also highlighted that Over-the-air Bluetooth encryption is handled by the baseband co-processor, that is present in the majority of Android devices, but this baseband co-processor can be tampered with via over-the-air updates.

“Our research involved analyzing the raw traffic before being sent over the air via the baseband co-processor. This means that relying only on baseband co-processors to handle the encryption is not a fool-proof security mechanism. It also raises the question of how easy it is for someone to update the firmware on the baseband co-processor once a vulnerability is disclosed.”

Pierluigi Paganini

(Security Affairs – smartwatch, Internet of Things)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.