Sign In

Communications of the ACM

ACM TechNews

Google Fixes Smartwatch Security Problem


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Smart watches.

Google has corrected a security vulnerability in its Wear OS smartwatches discovered by Purdue University reseachers, who helped develop the remedy.

Credit: Unsplash

Google has corrected a security vulnerability in its Wear OS smartwatches that could have allowed attackers to crash specific applications, render the app or the watch unresponsive, or cause continuous reboots.

Purdue University’s Saurabh Bagchi and colleagues uncovered the flaw using the Vulcan tool, which feeds a program or app different permutations of data until one exposes a weakness.

Through this fuzzing technique, the researchers learned that a hacker could hijack an app or the smartwatch by manipulating the language, or Intents, that apps use to communicate.

Sending such Intents at high volumes when the operating system is less stable could overload the app or watch, even without root-level privileges.

The Purdue team demonstrated a proof-of-concept mitigation method, and released its codebase on GitHub after Google issued a patch for the Wear OS vulnerability on June 24.

From Purdue University News
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found