Researchers highlight security risks of wearable connected devices

Researchers highlight security risks of wearable connected devices

Kaspersky Lab researchers report on how Google Glass and Samsung Galaxy Gear 2 could affect people’s privacy and security.

Wearables such as smartwatches and miniature electronic devices like Google Glass pose security risks that organisations need to address, according to researchers at Kaspersky Lab.

They underscored the risks of connected devices in a hyperconnected world and the security implications of the Internet of Things.

In a statement, the security firm cited the results of the research of Roberto Martinez and Juan Andres Guerrero on how Google Glass and Samsung Galaxy Gear 2 could affect people’s privacy and security.

Google Glass and the Man-in-the-Middle (MiTM)

There are two ways to surf the Web from Google Glass; through Bluetooth pairing with a mobile device that shares its data network connection, or directly through wi-fi.

The latter gives the user more freedom since it does not require a separate mobile device in order to access the Internet.

However, according to Martinez, this functionality also means that the Glass is exposed to network vector attacks, particularly MiTM, where a communication between two systems can be intercepted.

Read more: 3 scenarios for ‘reinventing’ your business for the digital age

This was discovered in an experiment conducted by Kaspersky Lab researchers after attaching the device to a monitored network and checking the data it transmitted.

The results of the captured data analysis showed that not all the traffic exchanged between the device and the hot spot was encrypted. In particular, it was possible to find out that the targeted user was looking for airlines, hotels and tourist destinations. In other words, it was possible to perform a profiling task through a simple form of surveillance.

“We admit that it is not a very damaging vulnerability, but even so, profiling via meta data from Web traffic exchange could become the first step of a more complex attack against the device’s owner,” said Martinez, who performed the investigation.

A tool for espionage

Dedicated apps for Galaxy Gear 2 are loaded onto the device with help of Gear Manager, a special app by Samsung designed to transmit an app from the smartphone to the smartwatch. As Guerrero discovered, when an app is installed on the smartwatch’s operating system, there is no notification shown on the watch display. This obviously makes targeted attacks involving silent app installation possible.

“At this time there is no evidence to suggest that wearables are currently being targeted by professional APT actors,” said Guerrero. “However there is a two-fold appeal presented by wearables that make them a likely future target if they are widely adopted by consumers. In future, the data collected by wearable devices is going to attract new players to the cyber-espionage scene.”

The spying potential of Galaxy Gear 2

When he examined his Samsung Galaxy Gear 2, Guerrero said the device is deliberately designed to make a loud noise and warn people nearby if it is being used to take a photo.

Read more: The Internet of Things calls for a different mindset

A deeper look into the software of Galaxy Gear 2 revealed that after rooting the device and using Samsung’s publicly available proprietary software tool ODIN, it is possible for Galaxy Gear 2 to silently take pictures using its embedded camera. This obviously opens the door to possible scenarios in which Galaxy Gear 2 could violate other people’s privacy, said Kaspersky Lab.

Send news tips and comments to

Follow Divina Paredes on Twitter: @divinap

Follow CIO New Zealand on Twitter:@cio_nz

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO New Zealand newsletter!

Error: Please check your email address.

Tags Internet of Thingssecurity

More about APTGalaxyGoogleKasperskySamsung

Show Comments