The Security Implications of Wearables, Part 3
In the second post of this series, we discussed the first two types of attacks involving wearables. We will now proceed to the third type of attack, which can be considered the most damaging of the three.
High User Risk, Low Feasibility Attacks
These attacks are considered the most dangerous but these are also considered the least likely to happen. If an attacker manages to successfully compromise the hardware or network protocol of a wearable device, they would have access to the raw data in the ‘IN’ devices but also the ability to display arbitrary content on ‘OUT’ devices.
These scenarios range from personal data theft to mangling the reality of a camera device. These attacks might affect the wearer adversely and might even stop them from performing their daily routines. These attacks can also have a major impact if these devices are used in a professional setting: a simple Denial-of-Service (DoS) attack could prevent a doctor from operating on a patient or prevent a law enforcement agent from acquiring input data to catch criminals.
Given that the single, most-used protocol used by these devices is Bluetooth, a quick explanation would be helpful. Bluetooth is a short range wireless protocol similar to Wi-Fi in uses but with a big difference. Whereas Wi-fi has an “access point” philosophy in mind, Bluetooth works like an end-to-end kind of communication. You need to pair two devices in order to make two devices “talk” to each other via Bluetooth. In this pairing process, the devices interchange an encryption key that will serve to establish communication between the two devices. Another difference with Wi-Fi is that Bluetooth tries to minimize radio interference by hopping from one band to another in a pre-established sequence.
This type of set-up has two main effects on hacking via Bluetooth. One, an attacker needs to acquire the encryption key being used by listening to the paired devices the first time these sync up. Any later than that and the communication will be just noise to the intruder. Two, a DoS attack needs to broadcast noise in a wide range of frequencies in use by the protocol in order for it to have an impact. This is not impossible but such an attack involves a bigger effort than against just any other radio protocol.
Attacks are still possible but the odds are much lower compared to other types of attacks. The fact that the attacker needs to be physically near the devices limits the objectives that such an attack has to have. These attacks will probably be a highly targeted attack where the data being exchanged is of particular use to the attacker or altering the victim’s perception is paramount. The scope of these possible attacks is very narrow: non-monetary and highly targeted.
In the most improbable scenario, an attacker that would be able to take over one of these devices would be able to use it to perform other attacks from there. Once the attacker has complete control over the device, they can use it – at the very least – to access web pages. This may enable the attacker to perform click fraud by accessing advertisements or any other web page or even perform DoS attacks against other systems. Such an attack would require the ability for the attacker to understand how to execute code on the particular device and that is usually not possible or feasible so this particular scenario belongs to the improbable category.
Figure 1. Attackers controlling the wearable device
Attacking the App Layer
Another possible attack vector for wearables is attacking the app layer and hijacking the data going to the cloud. This attack may allow bad guys to perform the following:
- Listen to the information being sent by the local app.
- Tap the data being stored in the mobile device.
We tested some applications to check the feasibility of such an attack. Both Fitbit and Pebble encrypt their sessions with SSL (HTTPS) and they also check the SSL certificates of the remote sites. Thus, spoofing the communication by using a different self-signed certificate will not work. Because these apps cannot be fooled with man-in-the-middle attacks, the information remains protected on its way to the cloud. This remains a valid attack vector as mobile applications from other vendors might not be protecting their data in the same way.
New Devices, New Possibilities
New devices mean new possibilities for attackers. Though not all the scenarios we presented might occur, some of these attacks are easy enough to pull off or at least try. Security researchers need to consider these new attack avenues and look out for new developments in wearables and other new fields in order to be ready if and when any of these conceptual attacks finally happen.
You may read the previous entries for “The Security Implications of Wearables:”
For more information about wearables, you may check out the article “Are You Ready for Wearables?” and the infographic, “The Ins and Outs of Wearable Devices.” For more information about smart devices, you may visit our Internet of Everything hub.