The vulnerability also allowed hackers to send life-threatening messages to patients.
From classical watches to modern-day smartwatches, we’ve come a long way. Smartwatches are now made by companies around the world, far beyond the tech giants, which also widens the scope for exploitation by hackers.
That is what happened recently, when it was discovered that a smart tracking watch could be hacked and tampered with, resulting in adverse consequences.
The watch in question relies on the SETracker app for its tracking function, and the same app can be found in a multitude of similar devices worldwide. The manufacturer of the watch, on the other hand, is different and unidentified as of now.
The watch works with a mobile app that allows people to track elderly people who may have dementia. The wearer can also call for help by pressing a trigger built into the watch. All of this is fine, but there’s another feature that could be very dangerously misused.
You see, the application also allows the carer to send an alert called “Take Pills” to remind the patient that their medication is due.
However, what happens if a hacker exploits the app and starts sending false alerts? According to Pen Test Partners, a hacker could potentially cause the patient to overdose on their medication.
Moreover, since the patient suffers from dementia, it is very probable that they would not remember whether they had already taken the medication earlier.
But there’s more. The message, as shown in the video, can also be customized, which makes cyberbullying by an attacker very easy as well.
To conclude, the issue was reported to the manufacturers, reportedly in the “Far East”, and has been fixed by now. A threat actor can no longer exploit this vulnerability.
Watch the demonstration video:
However, the question remains as to how many other similarly vulnerable smartwatches are out there and whether, in this case, any patients fell victim to such an attack.
Furthermore, according to the researchers, while they were looking at the underlying source code of SETracker, which was publicly available, they found highly confidential data exposed, including email and SMS credentials along with database passwords.
The good news is that these have been fixed, but the point remains: stop buying cheap watches on Amazon or elsewhere. They are highly dangerous and can jeopardize your security.
For additional technical details, Hackread.com highly recommends visiting Pen Test Partners’ blog post.