Smartwatch is a wearable computing device which is connected via Bluetooth to smartphones. It is an IoT device and does many other functions other than telling time.
It can also be connected using Wi-Fi, GPS and NFC. These devices can be exploited by hackers to gain confidential information regarding a user by hijacking the device’s microphone, sensors, and the wireless communication.
Smartwatches are capable of tracking down the complete activity of the user, including their health and fitness. Hackers can use the location and movement sensors on the smartwatch to track the movement and location of the user.
Table of Contents
This wearable IoT device are mostly used for many functions such as tracking exercise, or checking time, message, and emails, helping the users of these device to accomplish everyday tasks.
The attacker can gain sensitive information from the device, including PINs, passwords, physical location of the user, after gaining root access to the device.
Network Connections in Smartwatch
- Bluetooth – uses short wavelength to pair with other Bluetooth devices. Bluetooth uses UHF radio waves to connect to devices and build personal area networks (PANs).
- Wi-Fi Connections – helps to establish a wireless local area network (WLAN) to connect among IoT devices. It forms connection with compatible devices and with the router as well as other devices connected to the same network.
- GPS Connections – helps to determine the physical location of the smartwatch. Smartwatches can obtain satellite signals and helps to determine the live location of the user.
- NFC Connections – They are short ranged wireless connections which helps to IoT devices to interact with each other. NFC smart poster enabled wireless devices can easily connect each other without the need for a constant power supply.
APIs in Smartwatches
If a smartwatch is found in a crime scene without a paired device, it is difficult for forensic investigators to gather relevant evidence from the watch. It is because smartwatch is always synced with smartphone, and these devices do not store physical data by themselves. Most of this data is stored either in smartphone or in a cloud interface.
The basic framework of the smartwatch consists of the following APIs:
- Data API – helps the data to sync with the smartphones. After sync process, the data is automatically transferred among the two devices.
- Message API – This API manages calls, messages and emails by sending a small payload to the connected smartphone.
- Node API – This API manages all nodes that can be connected or disconnected on the smartwatch. Smartphones receives notifications with the help of node API whenever a new connection is established among the IoT devices.
Data Acquisition in Smartwatch
Logical Acquisition
The following are steps to acquire files in a smartwatch without a paired device:
1. Enable developer options in the smartwatch
2. Connect Wi-Fi network to the watch.
Note: Smartwatch and Forensic workstation should be connected in same network.
3. Enable Wi-Fi Debugging Go to Settings > Developer Options > Debug over Wi-Fi.
Now, IP address can be seen on the smartwatch.
4. In the terminal in forensic workstation, use the command:
adb connect <device_ip_address:port_number>
5. To perform logical acquisition, use the command:
adb pull <source_directory> <destination_directory>
You can the destination directory to see the if the files are copied.
Physical Acquisition
The steps involved in physical acquisition of a smartwatch without a paired devices are following:
1. Using Android SDK platform tools, establish a connection between device and the forensic workstation.
2. Use the command adb devices to list down the devices.
3. Run adb shell command to acquire root shell.
4. To perform boot partition image of the device, use the following command:
dd if=<source_drive> of=destination_drive> bs=512
Note: Physical Acquisition of a smartwatch can only be done on a rooted device.
Important Files of an Android Wear
Forensic Analysis of an Evidence File
When analysing the acquired image, the investigators should create a backup copy of the image as a precautionary measure. The image file can be analysed using the tool Autopsy.
It helps to extract valuable artifacts such as data stored on the device, deleted files, application data, system files, etc. The following is an image of forensic analysis of Android Wear using the tool Autopsy:
Conclusion
Smartwatches are IoT based devices which connect to our smartphones and do more than just telling time. These handy devices are also targets for hackers who might try to steal our personal data.
Forensic analysis of these devices is very challenging for the investigators. Careful analysis of acquired image will help the investigators to gain valuable information.