Hacker News new | ask | show | jobs
by Eridrus 3782 days ago
Using just signal strength as an authenticator is a bit of a shaky idea for actual security IMO. Car thieves have been using signal amplifiers to break into cars for a while now.

I think you should have some initial prompt on the watch that asks the user if it is OK to unlock the device. It's more friction, but otherwise it's trivially bypassable.
1 comments
rrebelo 3782 days ago
> Car thieves have been using signal amplifiers

Very true. But I am using Bluetooth and it has much better security protocols than the plain simple radio-frequency signals for car remote controls. At the very least, the user needs to first pair the watch with the computer. Besides, all communication between the 2 is encrypted. And, to avoid Bluetooth spoofing, there is also an exchange of time-based encrypted tokens, all transparent for the user. There are a few more security details about it (e.g.: the authentication password is not stored in the watch, is AES-encrypted in the computer, etc). I intend to write a detailed risk-assessment about it later.

In truth, my intention is someday to make it FIDO-UAF [1] compatible, if I have get the money to do it.

It is very cool to understand what concerns people have about it. Thank you.

[1] https://fidoalliance.org/specifications/overview/

link
Eridrus 3782 days ago
I believe that you can safely pair with the watch and authenticate it reliably and an attacker can neither read nor modify what you send; this is largely a solved problem.

But I am concerned that you cannot measure proximity accurately because an attacker could just replay messages between the two devices and boost the signal without being able to decipher the contents, and none of your comments about crypto or time-based tokens convince me otherwise.

link
rrebelo 3782 days ago
> an attacker could just replay messages between the two devices and boost the signal without being able to decipher the contents

As a simplified version of a MITM attack? That is clever, I admit I didn't think of it.

However, even in case the attacker is able to do so, the watch would still inform the user when the PC is unlocked. And the user can manually force a lock, from the watch, overriding the proximity/signal strength. To intercept this the attacker would need to decipher the messages. That is for the Android Wear-Windows PC version, though. I admit the Mac version is not that sophisticated, yet.

link
Eridrus 3782 days ago
> However, even in case the attacker is able to do so, the watch would still inform the user when the PC is unlocked. And the user can manually force a lock, from the watch, overriding the proximity/signal strength.

It's better than nothing, but the user is likely to think of it as a malfunction if they are far away (e.g. at a coffee shop), and the watch may not actually be physically on them at the time either.

And a second is really enough to plant malware on a computer; you can already buy a USB stick which types in commands much faster than a human: http://hakshop.myshopify.com/products/usb-rubber-ducky-delux...

Though that might be more of an argument about why this attack vector is unrealistic since most people don't even have full disk crypto on their phones/computers.

Also, not sure if you've seen this, but surprisingly these guys are still around: http://www.knocktounlock.com/

link
icebraining 3782 days ago
And the user can manually force a lock, from the watch, overriding the proximity/signal strength. To intercept this the attacker would need to decipher the messages.

Not if the attacker stops the relay right after the PC is unlocked.

link
rrebelo 3782 days ago
> Not if the attacker stops the relay right after the PC is unlocked.

No, if it happens the program falls back into the "user is away->lock the computer" mode.

link
icebraining 3782 days ago
So what happens if my watch shuts down for some reason while I'm using the computer?
link
joshka 3780 days ago
So, don't unlock without watch confirmation. Ever.
link