Wearable Bluetooth devices hide more risks
Release time:
2021-11-12
According to statistics, there are billions of smart devices around the world using Bluetooth technology. Although Wi-Fi can replace Bluetooth to meet the user's wireless transmission needs, but in wireless headphones, speakers and other devices, usually equipped with Bluetooth and Wi-Fi functions. "Wireless speakers, in-car infotainment systems, these Bluetooth-enabled devices usually only involve point-to-point single-wire transmission and almost no other devices, so they are less likely to reveal privacy. For example, wireless headphones usually only connect to the user's own mobile phone or other personal device, not to the device of others." Huang Xinyi said, but smart wearable devices with Bluetooth function related to sports and health, such as smart bracelets, smart glasses, smart sports shoes, etc., will upload personal information such as heart rate, sleep and body fat of users to the server through mobile phone software, that is, non-personal user devices, which will have a greater risk of privacy disclosure.
According to statistics, there are billions of smart devices around the world using Bluetooth technology. Although Wi-Fi can replace Bluetooth to meet the user's wireless transmission needs, but in wireless headphones, speakers and other devices, usually equipped with Bluetooth and Wi-Fi functions.
"Wireless speakers, in-car infotainment systems, these Bluetooth-enabled devices usually only involve point-to-point single-wire transmission and almost no other devices, so they are less likely to reveal privacy. For example, wireless headphones usually only connect to the user's own mobile phone or other personal device, not to the device of others." Huang Xinyi said, but smart wearable devices with Bluetooth function related to sports and health, such as smart bracelets, smart glasses, smart sports shoes, etc., will upload personal information such as heart rate, sleep and body fat of users to the server through mobile phone software, that is, non-personal user devices, which will have a greater risk of privacy disclosure.
According to Cai Yunpeng, technical director of Fujian Yizhun Information Technology Co., Ltd., because wearable devices need to broadcast the address and name to activate the Bluetooth function, during the broadcasting process, the attacker can indirectly locate the location of the specific terminal wearer through "monitoring" and can also obtain the user's location information. In addition, attackers can also obtain health signs information collected by some devices in real time through standard agreements. This part of data is generally not encrypted and can be easily used by "interested people. Meanwhile, an incoming call or an application message on a mobile phone side is generally pushed to a wearable device with a Bluetooth function, and when the device is monitored, a message on a user's mobile phone may also be leaked.
Huang Xinyi, for example, said that most smart bracelets on the market now use direct working pairing mode, I .e. users actively initiate connection but cannot see the pairing process, and devices usually do not authenticate the source of Bluetooth instructions. In this case, as long as the attacker will contain a special format of the data to the Bluetooth device, you can arbitrarily on the bracelet "orders", such as control LED color changes, open real-time step monitoring function and so on.
Copyright©2024 Dongguan Quanyun Electronic Technology Co., Ltd.