Friday 6 January 2023

smart devices: Beware of security vulnerabilities!

New paper

Hannan Bin Azhar, M.A., Smith, D., Cain, A. (2023). Spying on Kids’ Smart Devices: Beware of Security Vulnerabilities!. In: Jahankhani, H. (eds) Cybersecurity in the Age of Smart Societies. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-20160-8_8

Abstract

The emergence of the Internet of Things devices in everyday life has increased its sales dramatically over recent years, specifically of smart devices, such as smartwatches, fitness trackers and smart phones. The number of vulnerabilities exploited has also risen in tandem with the increased sales. The attack vectors have greatly increased due to the connectivity and mass functionality of these devices. The lack of security in smartwatches, marketed towards children, poses a prominent threat for their safety and security. Results reported in this paper revealed significant security vulnerabilities in several popular kids’ smartwatches when exploited by SMS command injection, Bluetooth tracking and Wi-Fi man in the middle attack. The devices investigated were kids’ smartwatches, a fitness tracker and a smart phone with varying functions, connections and security features. Findings of the paper raise concerns as vulnerabilities of kids’ IoT smart devices can lead to criminal cases, such as child grooming and child abduction.


Tuesday 3 January 2023

Earthquakes in a month (now with code)

Trustworthy Insights: A Novel Multi-Tier Explainable framework for ambient assisted living

  Trustworthy Insights: A Novel Multi-Tier Explainable framework for ambient assisted living Kasirajan, M., Azhar, H. and Turner, S. 2023.  ...