Samsung, LG Smartwatches Give Up Personal Data To Researchers

← Back to Stories (view on slashdot.org)

Samsung, LG Smartwatches Give Up Personal Data To Researchers

Posted by Soulskill on Friday June 12, 2015 @12:55AM from the new-places-from-which-to-leak-data dept.

An anonymous reader sends word that security researchers have been able to extract personal information from a pair of smartwatches: the LG G Watch and the Samsung Gear 2 Neo. The G Watch gave up calendar information, pedometer data, and the user's email address, while the Gear 2 Neo gave up health data, emails, messages, and contact information. The researchers said it wasn't very difficult to get the data, in part because it wasn't encrypted. "The Gear 2 Neo uses Samsung's Tizen operating system, while the LG G Watch is one of several models that uses Google's Android Wear operating system. The researchers obtained the data both by poking through the watches' files and finding traces of watch activity on the Samsung Android smartphone to which they were linked. The researchers also have begun testing the Apple Watch."

46 comments

Min score:

Reason:

Sort:

Apple Watch? Move along. Nothing to find here. by Anonymous Coward · 2015-06-12 00:59 · Score: 0

What a right royal waste of time and effort.
No Shit Sherlock by Anonymous Coward · 2015-06-12 01:00 · Score: 1

Really? Fucking sheeple. Who among us Slashdotters didn't think that this was happening? Even if that data is encrypted, it's being used to track the details about you. Now, let's ask how this information can be used against you. Insurance premiums maybe? Establishing alibi? Fuck 'em all.
1. Re:No Shit Sherlock by Anonymous Coward · 2015-06-12 01:23 · Score: 0
  
  And who cares? If someone grabs my watch, they probably could grab my arm which is more more valuable than some stupid data.
  I have a 10 year old heart rate monitor. It received data from its transmitter, in the clear. Every pulse is in the clear. And so what?
2. Re:No Shit Sherlock by Krojack · 2015-06-12 02:26 · Score: 2
  
  It's less about who cares but more about the fact these companies continue to sell our data without asking if they can or at least telling us they are going to.
  This also leaves the door open to malware on the phone to scrap up this personal data such as address, email and all your contacts and send it to Sasha Konovalov in Russia.
3. Re:No Shit Sherlock by Anonymous Coward · 2015-06-12 06:41 · Score: 0
  
  It's less about who cares but more about the fact these companies continue to sell our data without asking if they can or at least telling us they are going to.
  And this point has absolutely NOTHING to do with TFS. A researcher being able to extract data from a device is one thing. Those things should be directly exportable for the end user anyway. But it does not matter one iota if software encrypts that data if it gets sent to the company for their own purposes anyway.
  TOS of these companies need to state that data belongs to the user and NOT the companies. But most sheeple don't care are are just distracted by "oh, shinny!"
  But again, this is off-topic.
4. Re:No Shit Sherlock by Anonymous Coward · 2015-06-12 07:24 · Score: 0
  
  Yes.
  Situation 1: Data is locked up and encrypted everywhere except from the companies website - oh noes, my data is closed and locked up by the vendor and I'm locked in!
  Situation 2: Data is stored unencrypted on device - oh noes, my data is insecure!
  As a fitbit owner, I would love it if I could peek into the filesystem on my phone and grab the data from it as a CSV. It opens up a lot of possibilities. Ditto for the fitbit itself. As it is, there is an API, but only a certain granularity of data is accessible on the public API.
Was this a remote attack? Did the have the watch? by kcitren · 2015-06-12 01:14 · Score: 3, Insightful

The researchers obtained the data both by poking through the watches' files and finding traces of watch activity on the Samsung Android smartphone to which they were linked.
So, they had both the watch and the connected phone. I'm not really concerned about this. If this was a remote access thing, I'd be a little worried.
So do their TVs by Anonymous Coward · 2015-06-12 01:14 · Score: 0

But there's never any coverage of pressure over their smart TVs blocking functionality when they cannot contact Samsung's mother-ship to report what you're watching and what from. Strange that.
Huh? They had full control of the hardware. by Ihlosi · 2015-06-12 01:21 · Score: 1

These researchers had physical control of the hardware in question and were able to extract unencrypted data? That must have been difficult.
1. Re:Huh? They had full control of the hardware. by landimal_adurotune · 2015-06-12 01:27 · Score: 1
  
  I have the Gear 2, and absolutely love it. The only way someone is getting physical control of it is if they chop my wrist off. At that point stopping bleeding will supersede my need for privacy.
2. Re:Huh? They had full control of the hardware. by rsborg · 2015-06-12 01:28 · Score: 2
  
  These researchers had physical control of the hardware in question and were able to extract unencrypted data? That must have been difficult.
  You can't do that with an iPhone. Hardware access that's in a locked mode shouldn't necessarily give you access to encrypted data. Oh, in one case at least it simply wasn't encrypted. Health data. Nice.
  
  --
  Make sure everyone's vote counts: Verified Voting
3. Re:Huh? They had full control of the hardware. by dontbemad · 2015-06-12 02:26 · Score: 1
  
  Health data. Nice.
  I'm not terribly concerned about people knowing how many steps I've taken today or what my average heart rate is. Saying "health data" in this context is like saying "financial data" when referring to the knowledge of what some 10 year old receives as an allowance each week.
4. Re:Huh? They had full control of the hardware. by dkman · 2015-06-12 07:49 · Score: 1
  
  I came to say that it would have been much more interesting if they were sniffing the data between the watch and phone, which would mean they were capturing bluetooth data (having larger implications).
  
  I'm not quite should how they're seeing files on the watch, so that might be interesting on it's own.
  
  --
  I refuse to sign
To hell with them all by Anonymous Coward · 2015-06-12 01:23 · Score: 1

Time to update your watch!
Time to update your computer!
Time to update your car!
Time to update your thermostat!
Time to update your garage door opener!
Time to update your food processor!
Fuck computers!
1. Re:To hell with them all by ArcadeMan · 2015-06-12 01:33 · Score: 1
  
  Fuck computers!
  Time to update your RealDoll!
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
2. Re:To hell with them all by Lumpy · 2015-06-12 02:34 · Score: 1
  
  Well there's your problem.... Someone Switched this doll to Evil.
  
  --
  Do not look at laser with remaining good eye.
Redundant technology by LewekLeonek · 2015-06-12 01:25 · Score: 2, Interesting

Does anyone actually buy them? I think a smart watch is redundant, until it entirely be able to replace a cell phone. To better understand the market I did some quick research - http://www.smartwatchgroup.com... So they sold 6.8 millions of these gadgets in 2014 in US. I'm not impressed with these numbers. The only actual usage so far is: - fitness crowd - cool people that buy anything new that comes out for bragging rights - gifts for people who already have everything else
1. Re:Redundant technology by Minupla · 2015-06-12 01:43 · Score: 5, Insightful
  
  I've been wearing one since Christmas (thanks Santa!) and I have to say I don't think I'd wanna give it up now. It's a nice to have definitely, rather then a necessity, but so is my smart phone.
  I have the type of job with double and triple stacked meetings 8 hrs a day and it's REALLY nice to be able to glance at my watch and find out where I need to be next, what the dial in for the conference bridge is etc without having to pull my phone out of my pocket, unlock it, etc. Means I'm late for fewer meetings.
  It's also a lot more socially acceptable in my office at least to glance at a watch and check to see if that new email your phone is buzzing about is important enough to excuse yourself from the meeting or not. Also being able to screen a call without the fuss of pulling out a phone. Glance at the watch, see it's important, excuse myself from the meeting and pull my phone out on the way is a lot less disruptive.
  So ya, it's a nice to have, but it's quickly becoming a high priority nice to have. I miss it when I forget to put it on in the morning (like today) because I have too little caffeine in my blood.
  Like every other early adopter device, it's got bugs but it's over the "more trouble then it's worth" hurdle for me at least.
  Min
  
  --
  On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
2. Re:Redundant technology by YrWrstNtmr · 2015-06-12 02:47 · Score: 1
  
  I am soooo grateful my office bans (under threat of firing) cellphones, smartwatches, cameras, tablets, etc.
3. Re:Redundant technology by LaurenCates · 2015-06-12 03:51 · Score: 2
  
  I also wear one (Samsung).
  When the Bluetooth is disconnected, it alerts me. This means I left my phone in the house and I need to go back and get it.
  When my customer texts me and requires only a "Yes" or "No" while I'm trying to de-plane, that is a real time and annoyance saver to be able to use one of the pre-programmed Quick Replies.
  Looking at time is much easier and socially acceptable on a watch than a phone.
  The step counter reminds me that I've been sitting too much (I have to access it, but it's still more convenient than to do on my phone) and should move around more.
  The stopwatch/timer gets used for interval training. Better than taking the phone off my arm and fiddle with it or having a stopwatch ready.
  I like it, I use it plenty, but I wouldn't say everyone needs one. I even argued with my customer (who doesn't wear a watch) that a smartwatch would be a waste of money for him.
  
  --
  Some people don't believe in fairies. I don't believe in The Patriarchy.
4. Re:Redundant technology by King_TJ · 2015-06-12 04:00 · Score: 2
  
  Yes, people buy them by the millions.... You're not impressed that 6.8 million were sold in 2014 (the first year this stuff really went mainstream, with lots of version 1.0 products that will get more compelling as the years pass)?
  I have the Apple Watch myself and sure it's redundant -- but that's sort of the point. I mean, in the era of everyone carrying around cellphones which ALL display the date and time, any wrist worn watch is redundant anyway!
  The advantages are ones of convenience, primarily. People tend to keep their phone in a pocket or purse, and it's less convenient to pull it out (probably having to press a button on it to wake it, too) just to check the time, than to glance at a wristwatch. But also, you shouldn't discount the fact that these watches go places the phones don't go. You can take an Apple Watch with you in the shower, for example, or even swimming in a pool. It's relatively waterproof, unlike a phone. And besides, do you have a pocket that would safely secure your phone on your pair of swim-trunks? Around the house, it gives me the freedom to leave my phone on a charger, inside, too, while retaining the usefulness of some of the phone's apps. (I put a wi-fi router out in my garage as a range extender, so my watch stays on my home wi-fi network while I'm mowing the lawn or working on the car.)
  The "bragging rights" thing is severely over-rated..... Unless you're talking about something insanely expensive like that Apple Watch "edition" (which is really only being bought as a piece of bling by celebrities, athletes and fashion magazine folks), most people don't really notice or CARE what you're wearing on your wrist. I don't think a single person has commented on my Apple Watch since I've had it, and I ride on the Metro every day where hundreds of people have the opportunity to say something about it if they wanted to. (I went with the black sport band option, so it doesn't really stand out that much.)
  But sure, it's also of use to the fitness crowd ... a large segment of the market that I'm not really a part of. And these watches are capable of doing a little more than just telling the time, even when the phone isn't tethered to them. You can load playlists of MP3 or AAC music into mine, for example, to listen to over a bluetooth headset. So it eliminates a need to carry a separate iPod player around.
5. Re:Redundant technology by Anonymous Coward · 2015-06-12 04:28 · Score: 0
  
  It's "a lot more socially acceptable" simply because it's new. Smartphones were socially acceptable at first. Same as Bluetooth earpieces.
  If smartwatches becomes popular, they will annoy people exactly like smartphones.
6. Re:Redundant technology by antdude · 2015-06-12 05:30 · Score: 1
  
  For me, I want a stand alone smartwatch that doesn't require a phone like the old school Casio Data Bank watches. ;)
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
7. Re:Redundant technology by adolf · 2015-06-12 06:19 · Score: 1
  
  I have the type of job with double and triple stacked meetings 8 hrs a day
  \
  I want a job where my main responsibility is moving from one meeting to the next under the auspices of accomplishing work.
  Where do I sign up?
  
  --
  Kid-proof tablet..
8. Re:Redundant technology by Anonymous Coward · 2015-06-12 07:37 · Score: 0
  
  I have two very good uses for my Pebble - as a chemist, I often have gloved hands that should not be shoved into my pocket to pull out a smartphone. If my phone (and now, wrist) buzzes, I can just look at my wrist and read my phone caller/email/calendar reminder for the meeting that starts in ten minutes. You would not believe the number of gloves you burn through if you pull out your phone every time your boss sends you an updated experiment procedure or "I need this receipt so I can right now file my reimbursement report that was due last week!" email.
  Also, as a motorcyclist, it solves several of the same problems ("We're running late!" and "Let's meet at Applebees instead" messages), plus can give me smartphone navigation on my wrist, which is simply a godsend.
9. Re:Redundant technology by Anonymous Coward · 2015-06-12 08:57 · Score: 1
  
  It's "a lot more socially acceptable" simply because it's new. Smartphones were socially acceptable at first. Same as Bluetooth earpieces.
  If smartwatches becomes popular, they will annoy people exactly like smartphones.
  No. The reason it is more socially acceptable is because it is unobtrusive.
  The act of glancing at ones wrist is far less likely to disturb/distract the other people in the room than pulling a phone out of your pocket, holding it up, and putting it back in your pocket -even when done below the table and out of line-of-sight of the others in the meeting (or movie theatre...) the glow of the display can be distracting.
10. Re:Redundant technology by Anonymous Coward · 2015-06-12 08:59 · Score: 0
  
  I have the type of job with double and triple stacked meetings 8 hrs a day
  \
  I want a job where my main responsibility is moving from one meeting to the next under the auspices of accomplishing work.
  Where do I sign up?
  Don't you know? The job of management is to attend meetings -thus getting out of the way and allowing staff to actually accomplish real work...
11. Re:Redundant technology by Minupla · 2015-06-14 23:39 · Score: 1
  
  Precisely. My job is to run interference for my department, get them the things they need to be able to do their job and keep other depts from asking them questions, because I've answered them at aforementioned meetings.
  Actually quite a tough job for an introvert, but I've managed.
  That and mentoring the next generation of professionals are my main duties.
  Min
  
  --
  On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Physical access by QuietLagoon · 2015-06-12 01:38 · Score: 1

Remember when the lack of physical access to a computer was one of the many security rings surrounding that computer?
1. Re:Physical access by 93+Escort+Wagon · 2015-06-12 05:19 · Score: 1
  
  Remember when the lack of physical access to a computer was one of the many security rings surrounding that computer?
  It sounds like, with these phones, lack of physical access is the ONLY security ring surrounding them.
  
  --
  #DeleteChrome
Re:Was this a remote attack? Did the have the watc by Anonymous Coward · 2015-06-12 02:01 · Score: 1

To boot, the Android smartphone which didn't have /data encrypted (which is one of the first things a savvy user turns on)
Well... duh. It is like a researcher buying a car, leaving the boot unlocked, and then saying that just tugging the handle allows an attacker to see what brand of toilet paper you use.
Re:Was this a remote attack? Did the have the watc by Anonymous Coward · 2015-06-12 02:30 · Score: 0

The watch is easier to get lost or stolen which makes it a bit annoying for it to store so much info unprotected, but otherwise, yeah, not a real hack if they just look at the watch physically
Yet Pebble is safe. by Lumpy · 2015-06-12 02:32 · Score: 1, Interesting

The #1 smartwatch.... well actually #2 after the iWatch but it still outsells all the Android wear watches put together, the Pebble is not giving up data.
Plus it is significantly easier to write software and faces for. Oh and that 5-7 day battery life that destroys all other smartwatches...

--
Do not look at laser with remaining good eye.
1. Re:Yet Pebble is safe. by Anonymous Coward · 2015-06-12 02:48 · Score: 0
  
  The Pebble wasn't even tested. The company is also having financial difficulties apparently. As for the "iWatch" - well, it's been a sales disaster when you omit the initial spike of Apple fanboys that bought it.
2. Re: Yet Pebble is safe. by Anonymous Coward · 2015-06-12 03:03 · Score: 0
  
  Interesting definition of "disaster" ie "apparently sold more units than the entire history of the product category from all other vendors combined"
  Even at the "collapsed sales" level, it still exceeds the annual sales of the rest of that market segment of all other devices combined.
  That sounds like a complete disaster.
3. Re: Yet Pebble is safe. by Anonymous Coward · 2015-06-12 05:52 · Score: 0
  
  In terms of revenue, it is a disaster. In terms of functionality - it's also a disaster. It can't even tell you the time without having to wake it up from sleeping.
8 things I learned from wearing an Apple Watch by Anonymous Coward · 2015-06-12 03:45 · Score: 0

Matthew Inman has a decent pros and cons for his Apple Watch: http://theoatmeal.com/blog/apple_watch
Bad titling and fear-mongering by Anonymous Coward · 2015-06-12 04:44 · Score: 0

Apple products collects everything, too, they just doesn't do it as visibly as other watches and phones. Don't get scared into dropping LG, Samsung, and other brands, and resort to buying U.S products, because those are in fact the ones you should be worrying about.
Re:Who cares. Really. by macs4all · 2015-06-12 05:03 · Score: 1

If someone wants to dig through my trash, they'll probably find a lot more interesting stuff than this.
Not mine, they won't.

Since a friend of mine got busted in 1992 for growing pot (for his own use only! Oh Noes! Crime of the Century!!! Indicted him FEDERALLY, even!!!), and the Probable Cause Affidavit listed as "proof", some pot leaves he allegedly left in his trash along with some mail in the same trash bag that had his address, I have NEVER placed ANY "identifiable information" (including even such stuff as receipts with even partial Credit Card numbers, etc.) in my trash. Instead, ALL of that stuff (junk mail, address labels off of mailorder stuff, etc.) goes into a "burn box" under my desk. And periodically, I do just exactly that. Burn it down to a powder, and stir that up before disposing of, um, elsewhere.

Stops the spooks, LEO, and the neighborhood data-scavengers/trash-pickers alike.
Re:Was this a remote attack? Did the have the watc by macs4all · 2015-06-12 05:06 · Score: 1

Well... duh. It is like a researcher buying a car, leaving the boot unlocked, and then saying that just tugging the handle allows an attacker to see what brand of toilet paper you use.
You have a BATHROOM in your CAR?!?!? Wow!!!

That must be one of them newfangled self-driving jobs!!!
Well DOH! by nickweller · 2015-06-12 06:10 · Score: 1

"An anonymous reader sends word that security researchers have been able to extract personal information from a pair of smartwatches"
Re:Was this a remote attack? Did the have the watc by dkman · 2015-06-12 07:46 · Score: 1

When you buy toilet paper how do you get it home? Clearly he's implying he just went shopping.

--
I refuse to sign
Wrong by viperidaenz · 2015-06-12 08:51 · Score: 1

The unencrpyted phone you paired to your smartwatch gives up data.
kim toan thang by nguyenvanhai143 · 2015-06-25 17:08 · Score: 1

http://www.kimtoanthang.vn/the...