Data moving between your smartwatch and phone can be easily stolen

7comments
Data moving between your smartwatch and phone can be easily stolen
While we have been getting quite a bit of good news today when it comes to wearables, and specifically the Android 5.0 Lollipop update coming to Android Wear smartwatches, there is also some bad news to pass along. It turns out that the data moving between your smartwatch and smartphone is not secured very well, and can be easily stolen.

The exploit was recently proven by Bitdefender using a Samsung Gear Live and a Google Nexus 4 running a preview version of Android 5.0. The exploit gains access, because Bluetooth's PIN number pairing method is easily overcome by a brute force attack, since there are only one million possible PIN combinations. The hacking tools are easily found, and once the PIN is found through a brute force attack, any data moving between your smartwatch and phone can easily be captured. A lot of the data currently being passed between your wearable and phone is relatively useless, like weather, sports scores, or generic app alerts. But, it also leaves any messaging or calendar event data open to be stolen. 

Android Wear currently relies on your smartwatch co-processor to handle encryption, but that is easily overcome, according to Bitdefender. A change to the way Bluetooth authenticates a pairing connection could help fix the problem, like a move to NFC authentication for Bluetooth pairing, so a brute force attack wouldn't be possible. But, a fix will take time to get sorted out, and your data could be at risk in the meantime. 

Video Thumbnail

Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless