Security research of bluetooth devices based on smart watches
DOI:
https://doi.org/10.18372/2225-5036.29.17548Keywords:
Bluetooth, security systems, cyber security, Xiaomi Mi Watch, smart watches, UbertoothAbstract
The Internet of Things (IoT) is a network of physical devices that have built-in sensors and software to transmit and exchange data between the physical world and computer systems capable of collecting and processing that data. Smart watches can be considered as IoT devices because they are equipped with almost all necessary technologies. These are wearable computers with built-in sensors and communication systems. Studying the security of bluetooth in smart watches is very important due to the fact that the modern world is closely related to the use of wireless technologies and Bluetooth is one of the most common technologies of this type. Bluetooth devices contain a large amount of personal information about the user, such as: geolocation, contacts, messages and other data stored on the device. If protection against attacks is not sufficient, attackers can gain unauthorized access to users' personal data, which can lead to serious consequences, including the theft of identity and financial data and other sensitive information. The study describes how potential attackers can use Bluetooth technology to compromise data and what steps you can take to protect your Bluetooth devices from such attacks. Recommendations for setting up Bluetooth devices, using passwords and encryption, and other data protection methods are provided. Examples of malicious attacks on Bluetooth devices are given using the example of a sniffing attack using the Ubertooth one. The research can be useful for anyone who uses Bluetooth devices, especially smartwatches, and wants to protect their data from being stolen.
References
Cпецифікація Bluetooth [Електронний ресурс] – https: // www. bluetooth. com / specifications / bluetooth-core-specification/.
Опис технічних характеристики Ubertooth One [Електронний ресурс] – https: // github. com/ greatscottgadgets/ubertooth/wiki.
І.Р. Опірський, І.С. Р.В. Головчак, І.Р. Мой-сійчук, Т. Балянда, і С. Гаранюк, «Проблеми та загрози безпеці іот пристроїв»// Кібербезпека: освіта, наука, техніка, вип. 3, вип. 11, С. 31-42, 2021.
Опірський І.Р., Тютіков О.Ю. Проблематика побудови концепції «Розумного міста» // НАУ: «Захист інформації». – Том 2, Випуск №22. – Київ, 2020р. С.114-119.
Asonov, D., and Agrawal, R. Keyboard acoustic emanations. In IEEE S & P (2004).
Cai, L., and Chen, H. Touchlogger: Inferring keystrokes on touch screen from smartphone motion. In HotSec (2011).
Owusu, E., Han, J., Das, S., Perrig, A., and Zhang, J. ACCessory: Password Inference Using Accel-erometers on Smartphones. In ACM HotMobile (2012).
Vuagnoux, M., and Pasini, S. Compromising electromagnetic emanations of wired and wireless keyboards. In USENIX Security (2009).
Xu, Z., Bai, K., and Zhu, S. Taplogger: Inferring user inputs on smartphone touchscreens using on
P. C. van Oorschot, A. Somayaji, and G. Wurster, “Hardware-assisted circumvention of self-hashing software tamper resistance,” IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 2, pp. 82–92, April 2005.
A. Lewis, Y. Li, and M. Xie, “Real time motion-based authentication for smartwatch,” in 2016 IEEE Conference on Communications and NetworkSecurity (CNS), Oct 2016, pp. 380–381.
A. H. Johnston and G. M. Weiss, “Smartwatch-based biometric gait recognition,” in 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS), Sept 2015, pp. 1–6.
M. Guerar, M. Migliardi, A. Merlo, M. Benmo-hammed, and B. Messabih, “A completely automatic public physical test to tell computers and humans apart: A way to enhance authentication schemes in mobile devices,” in 2015 International Conference on High Performance Computing Simulation (HPCS), July 2015, pp. 203–210.
A. Bianchi, I. Oakley, V. Kostakos, and D. S. Kwon, “The phone lock: Audio and haptic shoulder-surfing resistant pin entry methods for mobile devices,” in Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction, ser. TEI ’11. New York, NY, USA:ACM, 2011, pp. 197–200.
D. Nyang, A. Mohaisen, and J. Kang, “Keylogging-resistant visual authentication protocols,” IEEE Transactions on Mobile Computing, vol. 13, no. 11, pp. 2566–2579, Nov 2014.
I. Oakley, J. H. Huh, J. Cho, G. Cho, R. Islam, and H. Kim, “The personal identification chord: A four button authentication system for smartwatches,” in Pro-ceedings of the 2018 on Asia Conference on Computer and Communications Security, ser. ASIACCS ’18. New York, NY, USA: ACM, 2018, pp. 75–87.
A. Merlo, M. Migliardi, and P. Fontanelli, “Measuring and estimating power consumption in an-droid to support energy-based intrusion detection,” vol. 23, no. 5, pp. 611–613.
