Notifications on Android Wear encrypted with easy to crack PIN




The encrypted communications between an Android phone and a smart watch with Android Wear is protected by a PIN of only six digits. That claims a security company. Who’ll hit the six-digit PIN, can intercept notifications to users.

With cracked PINs intercepted traffic can be decrypted and to read his messages, enables a security researcher at BitDefender. Cracking the PIN would not be difficult: because the six figures, there are more than a million possibilities. With a brute force attack referenced open source tools that code is easy to distinguish.

About the Bluetooth connection sends notifications by phone, such as instant messages, emails, text messages and incoming calls. To intercept traffic the attacker must be close to the user in the neighborhood, so that the bluetooth connection is in sight. The researcher used a Nexus with Android 4 L Preview and Samsung Gear Live smart watch with Android Wear.

Current smart phones and watches lay connection via Bluetooth 4.0 and 4.1 versions in which the steering Bluetooth SIG has put in a weaker protection than in older Bluetooth versions because it did not implement on time. In version 4.2 is adjusted. In many bluetooth connections moderate security is not a problem, but the traffic between an Android smartphone and an Android-Wear wearable may contain sensitive data. Google apparently did not choose to add an additional layer of security.

In: Technology & Gadgets Asked By: [18433 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »