Are smart watches secure?

The attack you mention isn't really all that scary or surprising. It doesn't actually attack the encryption used by the devices, but rather the pairing process. When you pair a Bluetooth device, an encryption key has to be exchanged. This is done by deriving an AES key from a PIN number. They effectively try all PIN numbers against a recorded pairing session in order to recover the AES key that is used long term.

If you establish the pairing for your device securely (in an environment free from attackers), then this attack will be useless, as once the encryption key is exchanged during pairing, it is used for future updates and the key exchange doesn't have to be repeated.

I would rate this vulnerability as very low chance of issue. It could have been avoided pretty trivially by having client and server each choose half of the key for the exchange, but it isn't a huge deal.


Yes, there are other attacks you should be wary of.

There are three types of authentication with Bluetooth "Smart" (aka Bluetooth Low Energy):

  1. Out of Band - This is what you need. Somehow exchange a 128-bit key between the two devices. The main example is to use NFC between the Bluetooth device and a smartphone. If any private information is being exchanged, ensure this pairing mechanism was used.
  2. "Just Works" - Zero protection. The encryption key is the numeral '0'.
  3. Passkey Entry - Six-digit PIN, or a value between 0 and 999,999, which is in turn used for encryption. Note that while it is a 128-bit key, the remaining digits are left-padded with '0'.

Source: Bluetooth: With Low Energy comes Low Security.

On the other hand, this theoretical security mechanism increases the security of Bluetooth "Smart" with Merkle's Puzzle.

If you want to delve a little further, this relatively recent whitepaper discusses bypassing passkey authentication.
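
Which of the three models above a pairing used can be read from the feature exchange that opens it, since those fields are sent in the clear. The following is an added example, not part of the original answer: it assumes the 7-byte Security Manager Pairing Request/Response layout and legacy selection rules from the Bluetooth Core Specification, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Constructed illustration of SMP pairing-feature auditing (names are hypothetical).
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
HAS_KEYBOARD = {2, 4}
NO_IO = 3
AUTH_MITM, AUTH_SC = 0x04, 0x08   # AuthReq bit 2 = MITM, bit 3 = Secure Connections

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Decode a 7-byte SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    _code, io, oob, auth, _keysize, _init_keys, _resp_keys = struct.unpack("7B", pdu)
    if io not in IO_CAPS:
        raise ValueError(f"reserved IO capability value {io:#04x}")
    return {"io": io, "oob": oob == 0x01,
            "mitm": bool(auth & AUTH_MITM), "sc": bool(auth & AUTH_SC)}

def association_model(request: bytes, response: bytes) -> str:
    """Return the pairing model the two feature exchanges select."""
    a, b = parse_pairing_pdu(request), parse_pairing_pdu(response)
    if a["sc"] and b["sc"]:
        return "LE Secure Connections"      # not one of the three models above
    if a["oob"] and b["oob"]:
        return "Out of Band"
    if not (a["mitm"] or b["mitm"]):
        return "Just Works"                 # neither side asked for authentication
    ios = {a["io"], b["io"]}
    if NO_IO in ios or not (ios & HAS_KEYBOARD):
        return "Just Works"                 # no way to enter a passkey
    return "Passkey Entry"

def audit(request: bytes, response: bytes) -> tuple:
    """(model, True only if it is the Out of Band model the answer recommends)."""
    model = association_model(request, response)
    return model, model == "Out of Band"

# Constructed sample captures: a phone (KeyboardDisplay) pairing with a watch.
PHONE_MITM = bytes.fromhex("01040005100707")
WATCH_NO_IO = bytes.fromhex("02030001100707")
WATCH_DISPLAY = bytes.fromhex("02000005100707")
PHONE_OOB = bytes.fromhex("01040105100707")
WATCH_OOB = bytes.fromhex("02030105100707")

if __name__ == "__main__":
    print(audit(PHONE_MITM, WATCH_NO_IO), audit(PHONE_MITM, WATCH_DISPLAY),
          audit(PHONE_OOB, WATCH_OOB))
```

Note the first sample: the phone requests MITM protection, but a watch with no input or output still forces the pairing down to Just Works.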


Here's a quip straight from the bluetooth.org website: The overall goal of keeping the cost ... to a minimum was used in making compromises on security capabilities in Bluetooth Smart (low energy) technology.

A little later, this little tidbit appears: "Just Works and Passkey Entry do not provide any passive eavesdropping protection."