Researchers from the security firm BitDefender have found that it is possible to snoop on wireless communications sent between smart watches and Android devices to which they are paired.
The researchers, led by Liviu Arsene, captured and analyzed raw traffic between a Nexus 4 Android device running Android L Developer Preview and the Samsung Gear Live smart watch. The traffic was captured on the Android device before it was transmitted to the associated smart watch using a baseband co-processor that is standard on most Android devices.
According to BitDefender, the wireless traffic is secured using a six-digit PIN code. That leaves the device vulnerable to computer-enabled “brute force” attacks that can try the million possible six-digit codes in short order.
BitDefender noted that the problem exposed wasn’t limited to smart watches. Using baseband co-processors on Android devices to handle encryption is “not a fool-proof security mechanism,” Arsene wrote. Attackers might also be able to exploit vulnerabilities on the baseboard controller to achieve the same end, he said.