Security and anti-virus maker Bitdefender has released a warning to smarthphone users who use peripherals such as smartwatches—they're not as invulnerable as most people think, and in fact can be quite easily hacked. To prove their assertion, they filmed one of their engineers hacking into a smartwatch and released it onto the Internet.
By now, most people are aware of the dangers of saving data from their phones to the Internet—private photos of celebrities and personal information of those who worked for Sony have made that patently clear. But what many may not be considering is data that passes between their smartphone and another local peripheral, such as a smartwatch, heart monitor, etc. Such devices typically make use of Bluetooth technology, which has developed a reputation as being reasonably secure. But now, that reputation is being called into question as engineers with Biddefender show that capturing data that moves between a smartwatch and a smartphone isn't all that difficult.
Bluetooth devices maintain security by use of a six digit PIN, but of course, hacking such a code by brute force is rather straightforward, as was seen in the video posted by the engineers—all they needed to do was run a program that tried every single possibility. They also show that once someone has the passcode, all they need is some rather easily obtainable eavesdropping gear to capture everything that goes on between the devices, much of which is in plaintext.
What the findings by the security company don't address is whether most people really need to worry about someone going to all the trouble of hacking into their smartwatch, heart monitor or other peripheral. Clearly it might be an issue with politicians, celebrities, etc., but should it really matter to the rest of us? It might be worth noting that to carry out such a hack as demonstrated by Biddefender, the hacker would have to be awfully close to the victim, which might mean they actually know the victim or are related to them. In the future, as we all slowly adopt the "Internet of Things" will we need to worry about hackers watching transactions between our phones and our WiFi enabled toasters, coffee makers, lights, etc. Perhaps, this will all become moot if someone develops a more robust, second layer of security, that's run on the phone.