Everyday, exciting new technologies are connecting us with one another and with data in ways that help our lives. However, as documented in incident after incident, flaw after flaw, and breach after breach, those internet-based pleasures and conveniences can go from good, fun, and helpful to bad in very fast and unexpected ways.
At Gate 15, we spend a lot of time discussing Blended Threats. a Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.
In a post on 9 July 2020, the team at Pen Test Partners (@PenTestPartners) wrote “Hacking smart devices to convince dementia sufferers to overdose,” stating, that they had recently discovered a flaw “that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.
“If the wearer goes for a walk and forgets their way home, which can be a real problem for dementia sufferers, their carer can easily track them with a mobile application… The watch does something else that we felt would be particularly useful during the recent lockdown: the carer could trigger the watch to remind the wearer to take their medication.” This useful function, however, could be abused. “Like every smart tracker watch we’ve looked at, anyone with some basic hacking skills could track the wearer, audio bug them using the watch, or perhaps worst, could trigger the medication alert as often as they want. A dementia sufferer is unlikely to remember that they had already taken their medication. An overdose could easily result…”
Pen Test Partners notes a related concern for a children’s device and shares that the “app that works with the watches has been downloaded over 10 million times.”
We encourage you to read the complete post, which includes a deep-dive with technical details and the disclosure timeline – all very properly and professionally handled.
As we embrace convenience, cool gadgets, and fun ways to connect with each other, our homes, and other innovative ideas, the dangers associated with blended threats will continue to flourish.
Have fun, enjoy convenience, and be careful. Always apply best practices and basic security hygiene. CISA (@CISAgov) offers some good basic tips for shopping safely and enjoying new devices. See their page on Holiday Online Shopping and the section on Checking Your Devices for some ideas.