Bitdefender proves Bluetooth wearables’ vulnerability
Most devices on the market use Bluetooth to communicate, and therefore rely on a six-digit PIN code to authenticate with each other. That gives approximately one million possible keys, which is simple to crack with today's computing power and allows an attacker to access private data about the user without consent.
Other than just notifications, wearable devices are collecting data such as location and health information. Such data could be used to work out when a person's home or workplace will be empty, or even held to ransom in the case of public figures. Data manipulation, particularly of health data, could have serious consequences.
The researchers from Romania-based Bitdefender used a proof-of-concept attack between a Samsung Gear Live smartwatch and a Google Nexus 4 handset running the latest Android L mobile operating system to show how a brute force attack is carried out over a Bluetooth connection between the two paired devices...
Once the correct combination was found, the researchers showed how information from the wearable device could be revealed in plain text. It goes to show how most current devices on the market are vulnerable, and anyone worried about their personal data and privacy should avoid using a wearable whilst data transfer is still so insecure.
A potential solution is to use NFC (Near Field Communication) for pairing, which would reduce the ability for an attacker to carry out the brute force wirelessly. The use of NFC would require the potential attacker to have physical access to the device - which isn't 100% secure - but would at least make their lives a little more difficult.
We have reached out to the Bluetooth SIG for comment on this story...