Exploiting Vulnerabilities to Remotely Hijack Children’s Smartwatches

Bergström, Lukas; Linusson-Hahn, Lage

diva-portal.org

Digitala Vetenskapliga Arkivet

Simple search

Advanced search -
Research publications Advanced search -
Student theses Statistics

English Svenska Norsk

Change search

Cite ExportLink to record

Permanent link

https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-359420

Direct link

https://www.diva-portal.org/smash/record.jsf?pid=diva2:1933447

Cite

Citation style

apa
ieee
modern-language-association-8th-edition
vancouver
Other style

More styles

Language

de-DE
en-GB
en-US
fi-FI
nn-NO
nn-NB
sv-SE
Other locale

More languages

Output format

html
text
asciidoc
rtf

Exploiting Vulnerabilities to Remotely Hijack Children’s Smartwatches

Bergström, Lukas

KTH, School of Electrical Engineering and Computer Science (EECS).

Linusson-Hahn, Lage

KTH, School of Electrical Engineering and Computer Science (EECS).

2024 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis

Abstract [en]

With the increased availability of Internet of things (IoT) products, more and more people areintegrating them into their everyday lives. Many of these IoT products contain sensors whichgather sensitive information and therefore are in need of good cybersecurity. Currently themarket gives little incentive to prioritize the security in IoT products resulting in numerousdevices with poor security measures being available to consumers. The purpose of thispaper is to conduct a vulnerability research on the Forever Call Me! KW-50 and itssuccessor the Forever Call Me 2 KW-60 which are smartwatches designed for child-parentcommunication. Using methods for vulnerability research including STRIDE and PatrIoT athreat model was created which was the base of the penetration testing. The results of thisstudy showed that the KW-50 was susceptible to a Man-in-the-Middle (MITM) attack and thatboth the watches were vulnerable to information disclosure and hijacking.

Abstract [sv]

Med den ökade utbredningen av Internet of things (IoT) produkter har fler än någonsinintegrerat dessa i sina liv. Många av dessa IoT-produkter har sensorer som samlar in känsliginformation and behöver därför bra cybersäkerhet. Dagens marknad ger låga incitimatent attprioritera säkerheten i IoT-produkter. Syftet med denna artikel är att göra en säkerhetsanalysav Forever Call Me! KW-50 och dess efterföljare Forever Call Me 2 KW-60 som ärsmartwatches designade för kommunikation mellan barn och föräldrar. Med metoder försäkerhetsanalys som STRIDE och PatrIoT skapades en hotmodell vilkenpenetrationstestningen var grundad på. Resultaten av studien visade att KW-50 var sårbarför en Man-in-the-Middle (MITM) attack och båda klockorna var sårbara förinformationsläckage och kapning.

Place, publisher, year, edition, pages

2024. , p. 587-593

Series

TRITA-EECS-EX ; 2024:187

National Category

Electrical Engineering, Electronic Engineering, Information Engineering

Identifiers

URN: urn:nbn:se:kth:diva-359420OAI: oai:DiVA.org:kth-359420DiVA, id: diva2:1933447

Supervisors

Johnson, Pontus

Examiners

Kullen, Anita

Projects

Kandidatexamensarbete Elektroteknik EECS 2024Available from: 2025-01-31 Created: 2025-01-31

Open Access in DiVA

fulltext(121150 kB)

55 downloads

File information

File name FULLTEXT01.pdfFile size 121150 kBChecksum SHA-512

82342f1408fe2aae929f55e76f2a176a8521cf94c0fe100464225724a9b74ddff6f61a0fb1cf957b5d6400be30877b9d0aec28080253ae7c1e09793536e10217

Type fulltextMimetype application/pdf

Total: 55 downloads

The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Total: 3228 hits