Researchers from security firm Bitdefender have discovered that data sent between smartphones and smartwatches is susceptible to hacking. The transmission of calendar entries, text messages, and biometric data between devices is done via Bluetooth with a six-digit encryption, but are sensitive to a ‘brute force’ attack in which every possible number combination is tried until the encryption is unlocked.
Bitdefender performed a proof-of-concept hack to access a Samsung Gear Live smartwatch, paired with a Google Nexus 4. The Bluetooth encryption was easily brute-forced using existing and readily-available decryption software. Once hacked, the researchers were able to monitor all data sent between the two devices.
The trial has exposed a common security flaw in six-digit encryption, hopefully motivating smart device manufacturers to up their game in future.
Source: Ars Technica