Wireless News
12-10-2014, 01:32 PM
Smartwatches and other wearable devices can manage tons of personal information, from texts and email messages to health and biometric data. But how safe is that information as it travels to and from the wearable? Not so safe, says Bucharest, Romania-based antivirus company Bitdefender. Android-based wearables, according to Bitdefender researchers, encrypt their Bluetooth transmissions with a six-digit passcode — in other words, a relatively short key that attackers could easily crack. MORE:12 Mobile Privacy and Security Apps Android-based wearables such as the Samsung Gear Live, which Bitdefender tested, communicate with their owners' smartphones via Bluetooth. This is generally considered secure because Bluetooth is short-range only and attackers would have to be in close physical proximity — usually no further than 10 meters, or 33 feet — to their targets. If the attackers are close by, however, it's a simple matter to "sniff," or detect, Bluetooth traffic. That's where encryption comes in: Android wearables do encrypt traffic between themselves and owners' smartphones. However, the password used to create this encryption, a six-number PIN typed in by the user upon initial "pairing" of the devices, is relatively insecure. The number of possible six-digit passcodes is only 1 million. That may seem like a lot, but a computer program, even one running on a smartphone, could guess the correct PIN very quickly through "brute force" — simply trying each possible combination until it found the right one. Once the encryption has been cracked, attackers can read everything transmitted by that smartwatch to the paired smartphone. In its demonstration, Bitdefender researchers used a Samsung Gear Live smartwatch and a Google Nexus 4 smartphone. They paired the two devices, then used relatively simple analytical software to sniff the Bluetooth connection and brute-force the encryption. "With quite a few wearables out there that rely on Bluetooth pairing to receive the text messages and for various forms of chatting, security issues should be treated with the utmost seriousness," Bitdefender senior research analyst Liviu Arsene said in a proof-of-concept video. Smartwatches and other wearables are part of what experts call the Internet of Things, a network of Internet-connected appliances that also included "smart" refrigerators, air conditioners and home security systems. These objects predate the Internet, but many new versions offer global connectivity — and the associated security risks.- "The Internet of Things is truly a marvelous concept, but only as long as we do not overlook security implications," Arsene said. "The security risks could easily be fixed with stronger or better methods for ensuring the safety of the entire communication." How to Use Wickr Privacy App Best Android Antivirus Apps 2014 What Encryption Is and How It Works for You Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can- follow Jill on Twitter- @JillScharr -and on- Google+ .- Follow us-@tomsguide,-on-Facebook-and on-Google+. Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
More... (http://news.yahoo.com/times-android-based-smartwatches-hacked-171619796.html)
More... (http://news.yahoo.com/times-android-based-smartwatches-hacked-171619796.html)