Deception Attacks against Android-Based Smart Bracelets

Abstract

The rapid development of the intelligent equipment industry has promoted the emergence of a series of emerging industries, effectively improving the technical level of society and people’s quality of life. Due to the inherent characteristics of smart devices, smart devices face serious privacy disclosure risks. Therefore, we have studied the security problem of the widely used smart device smart bracelet in this paper. We have adopted the attack method from easy to difficult to obtain the reading and writing instructions and timing characteristics of the intelligent devices to attack and steal private information. Specifically, we first attack through the strategy of log analysis; if this method is unable to obtain effective information, then we further acquire sensitive information on the basis of hook technology; and if the method on the basis of hook technology is still unable to obtain relevant information, then we will further use reverse engineering to conduct reverse analysis on the app to obtain sensitive information. Second, we develop a fake app on the basis of sensitive information and use it as a bridge to attack intelligent devices. In order to verify the effectiveness of the method, we successfully attacked and stole information from three popular business intelligence bracelets of different brands on the basis of the proposed method. The first step is to develop a fake app on the basis of the identified vulnerabilities. This app can bypass the protection measures of confusion and forced pairing and resetting to cheat the smart bracelet and can successfully enable or disable the jitters function remotely to modify the time and to obtain the sensitive data of the smart bracelet owner. In our attack process, we do not need the cooperation of the owner of the smart bracelet, nor do we need the target smart bracelet to match with our app.