Who would a few years ago could have imagined that we would manage their smartphones with a watch? Nevertheless, today it is a fact – a smartphone and watches it easy to share a variety of information. But whether it is safe for the user? It turns out that the data is not protected in the best way and may be easy to steal.
The vulnerability was discovered by Bitdefender, antivirus software. Using Samsung Gear Live, associated with the Nexus 4 on the preliminary version of Android 5.0, experts have found that the PIN-code necessary to establish the Bluetooth-connection between devices, easy to pick up with a simple method of selection. The explanation is pretty simple too – now there are only 1 million options.
Thus, the data transmission between the smartphone and the clock can be easily intercepted. Of course, much of this can be kind of useless notifications about the weather or something like that. Yet among these flows can be appointments user posts, the biometric data in the end. It is unlikely that you will want them to someone to share.
In addition, large flaws in security Android Wear is the fact that all information is transmitted between devices in plain text.
Surely Google will try to fix this vulnerability in the shortest time, but still it will take some time. In particular, the experts suggest implementing data encryption or replacing the input PIN-code on the NFC-authentication. However, both solutions carry certain consequences such as increasing the load on the processor or increase the final cost of the components of portable devices.
It is hoped that Google will find the optimal solution.
Our contact information can be easy to steal
RSA, The Security Division of EMC, published a report “Online Fraud Report”, representing the most important information about trends in the phishing attacks, as well as a list of countries in which last month found them most.
The report describes the case of the Brazilian attacker, who created mobile apps for Android and iOS, allow you to buy with a credit card.
A detailed analysis of the program on Android, conducted by experts from RSA indicates that it can be used to obtain sensitive data. During installation, the user must solve a series of rights: read and edit your calendar and contacts, access to the repository, a set of calls, reading and writing to the internal and external memory device, access to the camera, access to the device ID. In addition, after the issuance of all permits, application downloads and installs additional software that can read messages SMS.
Read another very interesting article about alternative energy of the Sun, water and air.