Biblio

Wearable devices are being more popular in our daily life. Especially, smart wristbands are booming in the market recently, which can be used to monitor health status, track fitness data, or even do medical tests, etc. For this reason, smart wristbands can obtain a lot of personal data. Hence, users and manufacturers should pay more attention to the security aspects of smart wristbands. However, we have found that some Bluetooth Low Energy based smart wristbands have very weak or even no security protection mechanism, therefore, they are vulnerable to replay attacks, man-in-the-middle attacks, brute-force attacks, Denial of Service (DoS) attacks, etc. We have investigated four different popular smart wristbands and a smart watch. Among them, only the smart watch is protected by some security mechanisms while the other four smart wristbands are not protected. In our experiments, we have also figured out all the message formats of the controlling commands of these smart wristbands and developed an Android software application as a testing tool. Powered by the resolved command formats, this tool can directly control these wristbands, and any other wristbands of these four models, without using the official supporting applications.

In this paper, we consider side-channel mechanisms, specifically using smart device ambient light sensors, to capture information about user computing activity. We distinguish keyboard keystrokes using only the ambient light sensor readings from a smart watch worn on the user's non-dominant hand. Additionally, we investigate the feasibility of capturing screen emanations for determining user browser usage patterns. The experimental results expose privacy and security risks, as well as the potential for new mobile user interfaces and applications.