Mentor/s
Sajal Bhatia bhatias@sacredheart.edu
Participation Type
Poster
Abstract
Security must be built into the core of any product or technological advancement during the early design stages. Unfortunately, many software companies still treat cybersecurity as an afterthought. Smartwatches are portable devices worn on the wrist, designed to enhance functionality and convenience by connecting to a mobile phone, providing many similar features, and improving the overall user experience. Despite smartwatches and fitness trackers having the largest market share of the wearable device market, they lack basic security features, leaving them vulnerable to attacks. Consumers are unaware of the risks associated with wearable technology, assuming that developers have their best interests at heart. Most smartwatches use Bluetooth and Bluetooth Low Energy (BLE) protocol. BLE protocol optimizes battery life, making it ideal for smaller devices. It works by operating in a constant sleep mode until a connection is initiated, and data can be slowly sent in small increments. Our poster highlights the exploitability of smartwatches by finding vulnerabilities in multiple Apple Watches through a virtualized Kali Linux environment. Using an Ubertooth, which is a BLE sniffing device, we could identify nearby devices using the BLE protocol. We could then utilize a Bluetooth dongle, a device that captures Bluetooth traffic, combined with hcitool and sdptool to find more information about the device. This gave us important details, such as the device name, connection parameters, and flags. Our findings evaluate the lack of security in smartwatches and the potential for dangerous violations if exploited by the wrong person. Ultimately, we aim to convince smartwatch developers to implement more product security. Smartwatches are here to stay, and consumers have the right to be technologically protected.
College and Major available
Computer Science BS, Cybersecurity
Location
Digital Commons & West Campus West Building University Commons
Start Day/Time
4-26-2024 12:00 PM
End Day/Time
4-26-2024 2:00 PM
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Prize Categories
Best Multidisciplinary Research or Collaboration, Most Scholarly Impact or Potential, Most Creative
Smartwatch Vulnerability Analysis: Focusing on Bluetooth Low Energy
Digital Commons & West Campus West Building University Commons
Security must be built into the core of any product or technological advancement during the early design stages. Unfortunately, many software companies still treat cybersecurity as an afterthought. Smartwatches are portable devices worn on the wrist, designed to enhance functionality and convenience by connecting to a mobile phone, providing many similar features, and improving the overall user experience. Despite smartwatches and fitness trackers having the largest market share of the wearable device market, they lack basic security features, leaving them vulnerable to attacks. Consumers are unaware of the risks associated with wearable technology, assuming that developers have their best interests at heart. Most smartwatches use Bluetooth and Bluetooth Low Energy (BLE) protocol. BLE protocol optimizes battery life, making it ideal for smaller devices. It works by operating in a constant sleep mode until a connection is initiated, and data can be slowly sent in small increments. Our poster highlights the exploitability of smartwatches by finding vulnerabilities in multiple Apple Watches through a virtualized Kali Linux environment. Using an Ubertooth, which is a BLE sniffing device, we could identify nearby devices using the BLE protocol. We could then utilize a Bluetooth dongle, a device that captures Bluetooth traffic, combined with hcitool and sdptool to find more information about the device. This gave us important details, such as the device name, connection parameters, and flags. Our findings evaluate the lack of security in smartwatches and the potential for dangerous violations if exploited by the wrong person. Ultimately, we aim to convince smartwatch developers to implement more product security. Smartwatches are here to stay, and consumers have the right to be technologically protected.
Students' Information
Hannah Fawle, Major: Cyber Security, Minor: Computer Science and Psychology, Graduation: May 2024
Danielle LeBlanc, Major: Cyber Security and Computer Science, Minor: Honors, Math, Physics, Graduation: May 2024
Honorable Mention, Best Multidisciplinary Research or Collaboration 2024 Award