Smartwatch hack could send fake pill reminders to patients

Smartwatch software used to help elderly patients could easily be hacked and abused, security researchers say.

Some of the watches are targeted mainly at dementia patients – and a hacker could even send a reminder to “take pills” as often as they wanted to.

The researchers said they were concerned that “an overdose could easily result”.

The security flaw has now been fixed after they notified the Chinese company behind it, they said.

However, the app that connects to these types of watches has more than 10 million downloads, the researchers say – and there is no way of knowing if it had been exploited by someone else before being fixed.

The flaw was discovered by UK-based security firm Pen Test Partners.

It was in a system called SETracker, used in a wide range of relatively cheap smartwatches made by several different companies, and widely available online.

“We can make any watch reveal the position of the wearer, we can listen to the wearer without them knowing, and we can also alert them to take medication,” said Ken Munro, a partner at Pen Test.

The watches targeted at dementia patients could be useful in scenarios such as the patient getting lost while out for a walk. If that happened, they could trigger a call to their carer, who could track their location, the company said.

The “take pills” notification could let a carer send the reminder from afar.

“This is where it all went wrong,” the researchers wrote in a blog post.

“Anyone with some basic hacking skills… could trigger the medication alert as often as they want.

“A dementia sufferer is unlikely to remember that they had already taken their medication.”

The China-based manufacturer responded within days of being notified of the flaw, and repaired it on their end, securing the system without the need for users to install any updates.

“This is a standard sort of problem that is so common,” commented Prof Harold Thimbleby of Swansea University.

“People think programming is easy. And they rush stuff out, they start selling it, and they don’t check it.”

“Our culture thinks programming is exciting and children can do it. And of course they can,” he said.

“My children can build stuff in Lego, but I wouldn’t let them build a skyscraper – but that’s what we do in programming.”

Source Article