Today, 25 October (07:03)
Experts once again said about the lack of safety devices designed for children. At this time, security expert Jonathan Zdziarski has found weaknesses in the security system of the Owlet device intended for monitoring of vital functions of the child. Vulnerability devices allow third parties to gain control of the device, which may lead to termination of sending notifications at the time of loss breathing of the child.
/©123RF/PICSEL
Device owlet is a sock and worn on the leg of the child, which monitors his pulse and oxygen levels in the blood. This data is transmitted wirelessly to the base station. If the frequency of the pulse and the oxygen level falls below a safe level, the parent receives a notification of the base station lights up red and makes a sound. In addition, after installing a special application on the mobile device, notifications can be sent to the smartphone parent.
Jonathan Zdziarski, the baby’s father and a security expert, told The Register that his first suspicions related to the safety of the product Owlet appeared in that moment, when he looked at the recording the operating conditions of the device. They protect the company that manufactures the device from liability in case of death of the child. Even more alarming were security vulnerabilities in the software of the device. The base station encrypts the data you send and receive from the servers of the manufacturer who, if necessary, are connected to the device parents. However, the relationship between toe monitoring the vital functions of the child and the database is not encrypted – both the devices exchange data using your own unprotected Wi-Fi network. Thus, if a third person stays in range of the base station and wearable monitoring, can get access to all the transmitted information.
According to the study, the team transferred over HTTP can make it so that the base station instead of having to connect to a Wi-Fi network, parents can connect to another network. Due to the fact that a third party can take control of the affected system, monitor the vital signs of the child and to prevent the sending of alerts to parents – says Kamil Sadkowski, an analyst with threats of ESET company.
Jonathan Zdziarski found a few other design flaws of this device. If the toe falls off the child’s foot, the device will notify the parents that something bad happens to a child. However, after re-sending the socks, the device reset – idle as long as the parent again to turn it on.
according to the website The Register, the company that manufactures the device Owlet assured that want to work together with Jonathan Zdziarskim to eliminate all vulnerabilities that are found.
No comments:
Post a Comment