Time's Up: Android-Based Smartwatches Hacked

Sidebar Sidebar
Status
Not open for further replies.
Would it really be that hard to put a timer between password attempts? Even 1 second would suffice. And say a 15 minute cooldown after 5 wrong attempts?
 
Two things:

1. This problem can easily be fixed by having the Smartwatches use Bluetooth's Secure Simple Pairing (SSP). This can greatly improve the pairing process. Easily fixed with an update to the Smartwatch.

2. What these hackers demonstrated was that Bluetooth pairing (which is a one time setup task) is weak if you pair with only a handful of PIN digits -during- the pairing process. However, if you perform the one-time pairing when no attacker is around, even if you used an extremely weak 1 digit PIN, then afterwards your Bluetooth link is extremely secure.

This does -not- show a fundamental weakness of Android Smartwatch technology.
 
Would it really be that hard to put a timer between password attempts? Even 1 second would suffice. And say a 15 minute cooldown after 5 wrong attempts?
Click to expand...

That is not exactly how the hack works. It is not asking the devices to pair with the bluetooh sniffer. The sniffer is just capturing the traffic but the traffic seems to maybe be encrypted with a 6 digit PIN. This allows software to brute force the captured data rather quickly (minutes) until the decrypted information is displayed.
 
I work as a software engineer writing Bluetooth device firmware at my job, and the vulnerability in the BLE pairing protocol has been known for quite awhile. If we're concerned about security, we just encrypt the data ourselves in the application before sending it over the wireless link. I'm surprised Google didn't take the same approach, or fix their Bluetooth stack implementation to support 128-bit out of band keying.

By the way, Apple also does not currently support Bluetooth's out of band keying feature, and I really wish both companies would support it sometime soon.
 
Status
Not open for further replies.

Similar threads

D
Question About those Samsung Rings
Replies
1
Views
3K
Smartwatches
USAFRet
USAFRet
T
Question Need some recommendations for a laptop - Snapdragon vs Lunar Lake
Replies
1
Views
4K
Laptop General Discussion
rgd1101
rgd1101
U
Looking for the cell phone with the most privacy
Replies
6
Views
7K
Cell Phone General Discussion
COLGeek
COLGeek
Southern Belle1
Info TABLETS, LAPTOPS CAN’T UPGRADE!!!
Replies
3
Views
2K
Laptop General Discussion
USAFRet
USAFRet
S
My Droyd Fury Electric ATV shopping experience
Replies
10
Views
3K
Off-Topic / General Discussion
COLGeek
COLGeek

TRENDING THREADS

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom