Google has corrected a security vulnerability in its Wear OS smartwatches that could have allowed attackers to crash specific applications, render the app or the watch unresponsive, or cause continuous reboots.
Purdue University’s Saurabh Bagchi and colleagues uncovered the flaw using the Vulcan tool, which feeds a program or app different permutations of data until one exposes a weakness.
Through this fuzzing technique, the researchers learned that a hacker could hijack an app or the smartwatch by manipulating Intents, the messages that apps use to communicate.
Sending such Intents at high volumes when the operating system is less stable could overload the app or watch, even without root-level privileges.
The Purdue team demonstrated a proof-of-concept mitigation method, and released its codebase on GitHub after Google issued a patch for the Wear OS vulnerability on June 24.
From Purdue University News
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA