The Internet of Things is growing fast with new devices coming up every month. At Appknox, we are big fans of the IoT revolution and are some of the first people to pick up devices like the Pebble, Moto360, Fitbit, Misfit and many more. In fact, starting today, we are dedicating Mondays to cover stories on IoT devices.
While we are major fans of IoT devices, being a forward looking security company, we also know this comes with a lot of compromises in security. It is part of our initiative to help make this ecosystem secure and also make users aware of issues present today.
In a recent find, Kaspersky researcher Roman Unuchek discovered a flaw in fitness bands which allows others to connect invisibly to the devices, execute commands and in some cases extract data. This vulnerability was made possible because of the way the bands connect to devices running Android 4.3 and above.
Users are asked to pair their bands to their mobile devices by pressing a button when they vibrate, but there is no way to tell whether the pairing is with their device or a third party’s because many fitness bands on the market do not have built-in displays.
Kaspersky said that in the devices examined the vulnerability only gave potential attackers access to data on the number of steps the owner took in the last hour, but that this could grow as more sophisticated fitness bands are released.
“The fitness trackers currently available are still fairly dumb, capable of counting steps and following sleep cycles, but little more than that,” Kaspersky researcher Unuchek explained.
“But the second generation of such devices is almost here, and they will be able to gather much more information about users. It is important to think about the security of these devices now, and ensure that there is proper protection for how the tracker interacts with the smartphone.”
Well, IoT is still in very early stages. We'll bring you more updates on devices as well as security so that you can stay well informed.