Privacy Concerns For IoT
Smart Watches
Prepared By:
Shikhambry Walia
Smartwatches have become a household necessity, used by everyone
from kids to elderly family members. Smartwatch privacy and
security share similar risks with many other smart and IoT
devices. Although popular brands have some protections in
place, there are known vulnerabilities that may affect your
smartwatch. With smartwatches being made for all ages, it's only
natural to wonder about the dangers to your privacy and data.
After all, smartwatch threats are not coming from all directions,
but that doesn't mean that your smartwatch data is entirely safe
either. The convenience of these products can sometimes make
your data easier for hackers to access. However, despite these
concerns, there are ways you can protect yourself.
INTRODUCTION
Smartwatches offer many features, such as geo-tracking, payments, music control,
health sensors, biomedical sensors, restricting the wearer from a dangerous area, and
many more. They also have two-way audio transfer enabled for communication and a
message service for text messages. A video call option is available as well in case
of emergency. Watches for elderly people come with an anti-fall sensor which sends
an alarm to an ambulance in case of a fall. Some varieties of this device come in
the form of smart bands. Most watches initially ran a ported Android OS on a
watch-sized screen. 'Pebble' watches had JavaScript-based watch faces. These watches
have firmware embedded on the chips, along with other modules and a battery. This
leads to hardware attacks along with location leaks and information leaks.
KINDS OF ATTACKS
A. Insufficient User Authentication/Authorization
B. Lack of transport encryption
C. Insecure Interfaces
D. Insecure Software/Firmware
E. Privacy Concerns
F. Sensitive Data
G. Security Flaws
H. Sniffing
I. Reverse Engineering
A. Insufficient User Authentication/Authorization: Every smartwatch tested was
paired with a mobile interface that lacked two-factor authentication and did not lock out
accounts after 3-5 failed attempts to enter the password. Three in 10 were vulnerable
to account harvesting, meaning an attacker could access the device and data via a
combination of weak password policy, lack of account lockout and user enumeration.
B. Lack of transport encryption: Transport encryption is critical given that personal
information moves to multiple locations in the cloud. While 100 percent of the test
products implemented transport encryption using SSL/TLS, 40 percent of the cloud
connections were vulnerable to the POODLE attack, allowed the use of weak ciphers,
or still used SSL v2.
C. Insecure Interfaces: Thirty percent of the tested smartwatches used
cloud-based web interfaces, all of which exhibited account enumeration
concerns. In a separate test, 30 percent also exhibited account enumeration
concerns with their mobile applications. This vulnerability lets hackers identify
valid user accounts through feedback from reset password mechanisms.
D. Insecure Software/Firmware: A full 70 percent of the smartwatches were
found to have concerns with protection of firmware updates, including
transmitting firmware updates without encryption and without encrypting the
update files. However, many updates were signed to help prevent installation
of contaminated firmware. While malicious updates cannot be installed, lack
of encryption allows the files to be downloaded and analyzed.
E. Privacy Concerns: All smartwatches collected some personal information, such
as name, address, date of birth, weight, gender, heart rate and other health
information. Given the account enumeration issues and use of weak passwords on
some products, exposure of this personal information is a concern.
F. Sensitive Data: ‘XYZ’ Lite transmits sensitive data such as GPS coordinates,
voicemails, and photos using the unencrypted (HTTP) data transfer protocol. This
unencrypted protocol enables man-in-the-middle (MiTM) attacks that allow attackers
to listen in on transmitted data.
G. Security Flaws: Cheap watches and Chinese bands have huge security flaws. They
use a weak default password ('123456'). I say that the commands that can be used
are significantly reduced, making it not much of a risk.
H. Sniffing: Video and audio sniffing is easily possible by recording the video
or audio without permission.
I. Reverse Engineering: Some smartwatches could be easily reverse
engineered and modified to change the internal code.
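An added example, not part of the original slides: one way a companion-app backend can address items A and C, by locking an account after repeated failed logins and giving the same reply whether or not the account exists. The class name, policy values and messages are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900   # assumed policy: 15-minute lock
LOGIN_ERROR = "Invalid username or password."
RESET_REPLY = "If that account exists, a reset link has been sent."

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Dummy credentials so unknown usernames cost the same work as real ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _kdf("unused", _DUMMY_SALT)

class AccountService:
    """Hypothetical backend for a watch companion app (illustration only)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}     # username -> (salt, password hash)
        self.failures = {}  # username -> (failure count, locked-until time)
        self.outbox = []    # reset mails queued for real accounts only

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _kdf(password, salt))

    def login(self, username, password):
        now = self.clock()
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return False, LOGIN_ERROR      # locked: same reply as a bad password
        salt, stored = self.users.get(username, (_DUMMY_SALT, _DUMMY_HASH))
        matches = hmac.compare_digest(_kdf(password, salt), stored)
        if matches and username in self.users:
            self.failures.pop(username, None)
            return True, "OK"
        count += 1
        # Failures are tracked for unknown names too, so lockout behaviour
        # does not reveal which accounts exist.
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[username] = (count, locked_until)
        return False, LOGIN_ERROR

    def request_reset(self, username):
        if username in self.users:
            self.outbox.append(username)   # mail goes out silently
        return RESET_REPLY                 # identical for every username
```
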
Prevention and Cure
The targets can be children, fitness freaks, parents, pets and GPS-powered vehicles. Most of
these attacks could be due to mishandling of devices by users, while others can be due to
security breaches.
• Secure Interfaces - Device-based login is better than cloud-based login. The small
screen makes entering a PIN a hassle, but one must not choose the no-authentication
option to avoid it.
• Secure firmware - Software shall be secure enough to stop attacks carried out on the
watch through multiple clicks or over the internet. All transactions shall be done over
a secure layer.
• Privacy Concerns - All private information shall be kept safe and not shared with anyone.
• TLS Layer - All sensor information, especially GPS info, must be shared over TLS using an
SSL certificate.
• Broken Access - Weak authentication passwords make it really easy to break
into.
• Sniffing - No audio or video info must be compromised at any cost.
• Hardware Fuses - Using a hardware fuse to stop reverse engineering
is an important prevention.
• Buy premium products - If you wish to buy genuine products, then buy slightly
more expensive but well-secured products.
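An added example, not part of the original slides, tying the "TLS Layer" point to item B: a client context that verifies certificates and refuses anything older than TLS 1.2, plus a check that flags SSL v2, SSL v3 (the protocol POODLE targets) and weak ciphers in recorded handshake results. The endpoint names and session records are constructed, and the function names are assumptions.

```python
import ssl

OBSOLETE = {"SSLv2", "SSLv3"}        # SSLv3 is the protocol POODLE targets
DEPRECATED = {"TLSv1", "TLSv1.1"}    # deprecated by RFC 8996
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

def hardened_client_context():
    """Client context for the watch app's cloud calls: verify, TLS 1.2+."""
    ctx = ssl.create_default_context()   # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx):
    """List settings on a client SSLContext that weaken the transport."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname checking disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 allowed")
    return findings

def assess_session(version, cipher):
    """Grade one negotiated session, e.g. SSLSocket.version() / .cipher()[0]."""
    issues = []
    if version in OBSOLETE:
        issues.append(f"obsolete protocol {version}")
    elif version in DEPRECATED:
        issues.append(f"deprecated protocol {version}")
    if any(marker in cipher.upper() for marker in WEAK_MARKERS):
        issues.append(f"weak cipher {cipher}")
    return issues

# Constructed sample: handshake results recorded against hypothetical endpoints.
SAMPLE_SESSIONS = [
    ("api.watch-vendor.example", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("sync.watch-vendor.example", "SSLv3", "DES-CBC3-SHA"),
    ("fw.watch-vendor.example", "TLSv1.2", "RC4-SHA"),
]

def review(sessions):
    """Return {endpoint: issues} for every endpoint with at least one issue."""
    report = {}
    for endpoint, version, cipher in sessions:
        issues = assess_session(version, cipher)
        if issues:
            report[endpoint] = issues
    return report
```
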
MITIGATION MEASURES
As a result of known vulnerabilities, China’s Army banned smart watches due to
the potential for devices to be hijacked as eavesdropping tools to exploit sensitive
locations, communications, and military secrets. Then in 2020, the National
Cyber Security Centre (NCSC) of Great Britain proposed a ban on smart watches
until the identified security flaws are fixed by the manufacturers. At a technological
level, utilizing the Trusted Execution Environment of paired smart phones and
introducing greater authentication protocols has demonstrated resistance against
known vulnerabilities. However, highlighting the issues and critically evaluating
the vulnerabilities is insufficient to change behavior. Nor does legislation provide
much incentive for the user or manufacturer to change their behavior, especially
when codes are voluntary to follow, have broad definitions, or are classified
against minimal controls.
SIT732 7.2P.pptx
