Wearables, which can also be used for medical purposes such as measuring body functions, often protect significant intervals and sent health data in IT protection. This originates from the final report on the “Security of Wearbals with Medical Sub -Functionalities” (SIWAamed) project in the Federal Office’s Security Office in Information Technology (BSI). According to the results, several equipment tested are open to attacks. Encryption, insufficiently safe communication channels and weaknesses in the poor authentication mechanisms can enable teafood to prevent sensitive information or manipulate.
Advertisement
Problems with “Network Components”: Users can not use 1 and 1-Sim in Apple WatchAt the same time, the market is growing rapidly according to the market study for such health-accessories, which increases the risk of security-packed events. The analysis carried out cyber security company Ashard and EESY Innovation Development Service in the BSI order. The first edition of the report was already available to the Authority in late November 2023. But it has published it nowSo experts selected ten products for “a detailed safety examination”. Six of them were network watches such as smartwatch, three fitness trackers and a smart ring. Researchers revealed a total of 110 weaknesses, which they classified as “medium” or “high”. No device was completely free from safety intervals.
The most frequently found weaknesses worry about user authentication and Bluetooth communication. Along with many devices, examiners also do not understand. If it is checked whether a valid user has access, then the implementation often has weaknesses. The Bluetooth protocols related to seven of the eight as “high” weaknesses, which serves as the main channel for the connection of the portable device with mobile use. Most of the apps tested had no mechanism to identify anti-debag or routing. Such procedures can at least help to remove advanced attackers and protect users’ data if the platform is compromised or attacked on mobile applications.
Danger from personal cybercrime
Due to the gap, it was partly possible to listen to the firmware during the update process for researchers. This could then be analyzed and manipulated by an attacker if this information is not properly preserved by signing or examination. Examiners also found that some weak points occurred frequently due to the use of uniform operating systems, software and general infrastructure. This increases the risk of “large attacks on many devices at the same time”. In general, given the sensitivity of processed data, the results are usually “asking and considering”.
On the one hand, it will be comprehensible that wearbals are especially used for attacks on those who use a related sensor system, the author explains. These can cause misunderstandings of their own health status, resulting in a potentially dangerous self -deception. This, for example, is applied to manipulation of blood sugar levels, blood pressure or oxygen saturation in the blood. The disclosure of explosive information with blackmail is also comprehensible. Consumers should be reminded that they do not fully rely on the data and information of wearbals. From the end of 2027, according to the Cyber ​​Flexibility Act, only “with digital elements” products in the European Union can come in the market if they follow minimum requirements for cyber security. Tüv Süd therefore warns regular examination by independent third parties in the manufacturers of health-accessories.
(Dahe)
“Apple Launch”: What can come on Wednesday and what is not
