The smartwatch for children that Gustaf Blomqvist hacked in his thesis turned out to be a security disaster. The watch had an insecure network service that anyone could access via the internet.
"As an attacker, you can then take complete control of the watch and use everything it has. There are lots of scenarios where the watch can become a security risk and where it can be used for denial-of-service attacks, which is a major social problem," he says.
In his thesis, "Ethical hacking of a Smartwatch for Kids: A Hacker's Playground", Gustaf Blomqvist demonstrates how easy it is to hack a smartwatch for children. Smartwatches for children have been hacked before, so Gustaf Blomqvist chose a watch that was different from those that had been hacked previously.
He also based his choice on several criteria: the watch had to be popular and have a lot of functionality, as this meant there were more attack surfaces. Smartwatches for children are also sold with safety as a key selling point, so parents can feel secure and stay in touch with their children.
"At the beginning of my work, I found out what was inside the watch, what hardware and systems it had. I also drew inspiration from other hacked watches to understand what potential vulnerabilities might exist," he explains.
"May seem like magic"
When hacking, you need to map out the system, understand how it works, and how you can interact with it. This information serves as the basis for identifying any weaknesses that may exist. Once the weaknesses have been identified, they are prioritised, checked for accuracy and combined as necessary.
"Hacking may seem like magic, but it's all about technology, and as a hacker, you need to have a good technical understanding of systems," he says.
Gustaf Blomqvist found a serious vulnerability in an attack surface that no one had previously examined, and also gained access to the camera, microphone, and speakers. He was even able to send messages and eavesdrop on the surroundings.
Difficult to secure