Bluetooth’s Not-So-Smart Tech Security Flaws

Bluetooth Low Energy (BLE) is at the center of cybersecurity attention, raising concerns about privacy and confidentiality. Context, a specialized consultancy, proved that BLE signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, could be easily recorded and monitored. This could leave room for a cyberattack or allow someone to collect confidential information about a person’s health. The research team has even developed an Android app that scans, detects and logs wearable devices.

The findings follow recent reports that soldiers in the People’s Liberation Army of China have been warned against using wearables, to limit the possibility of cybersecurity loopholes. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” says Scott Lester, who led the experiment.

BLE is especially popular for wearable technology and fitness trackers because it’s small, uses very little battery and doesn’t need much updating. Although the range in which it operates is around 100m in an open area, research shows that it can be detected even further away. In his blog post, Lester warns that devices using BLE technology contain very personal information about someone’s health and patterns of life. While some people would be completely fine making this information public, others – such as politicians or senior executives – could have a serious problem with it.

BLE technology is also very popular in retail stores, where iBeacons enable customers to use their mobiles as mobile wallets, for instance. One way to prevent cyberattacks could be to educate consumers about data security. Doc Vaidhyanathan, VP Product Management, Digital Payments at CA Technologies, recently sat down with PYMNTS to discuss his point of view on securing wearable technology, including the Apple Watch and the Apple Pay fraud issue. The trick, he says, will be to make sure the attacker cannot easily combine data and derive material for an attack.

For the industry, the challenge will be to reach a balance between security and profits.

“Companies are aware that they need to consider the full spectrum of available measures against their product’s security requirements,” Martin Woolley, Technical Program Manager at Bluetooth SIG, told Engineering and Technology Magazine.

“For example the security needs of a smart bulb manufacturer would differ to those of a smart lock manufacturer. What is certain is that Bluetooth offers a wide range of security options, including government-grade encryption providing the means for very high levels of security. Manufacturers will continue to make decisions based on their customers’ needs and demands for a particular implementation.”
