by rrebelo
3782 days ago
> an attacker could just replay messages between the two devices and boost the signal without being able to decipher the contents

As a simplified version of a MITM attack? That is clever, I admit I didn't think of it. However, even in case the attacker is able to do so, the watch would still inform the user when the PC is unlocked. And the user can manually force a lock, from the watch, overriding the proximity/signal strength. To intercept this the attacker would need to decipher the messages. That is for the Android Wear-Windows PC version, though. I admit the Mac version is not that sophisticated, yet.

It's better than nothing, but the user is likely to think of it as a malfunction if they are far away (e.g. at a coffee shop), and the watch may not actually be physically on them at the time either.
And a second is really enough to plant malware on a computer; you can already buy a USB stick which types in commands much faster than a human: http://hakshop.myshopify.com/products/usb-rubber-ducky-delux...
Though that might be more of an argument about why this attack vector is unrealistic since most people don't even have full disk crypto on their phones/computers.
Also, not sure if you've seen this, but surprisingly these guys are still around: http://www.knocktounlock.com/
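
The exchange discussed in this thread, modelled as an added example that is not part of either comment and is not the product's code: a relayed response still verifies and satisfies a signal-strength check, while the unlock notification and the authenticated forced lock behave as described. The HMAC challenge-response, the RSSI threshold and every name here are assumptions made for illustration.

```python
import hashlib, hmac, os

KEY = os.urandom(32)      # constructed pairing key shared by watch and PC
RSSI_UNLOCK_DBM = -60     # assumed signal-strength threshold for "nearby"

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Watch:
    def __init__(self, key):
        self.key, self.notifications = key, []
    def respond(self, challenge):
        # The watch answers any fresh challenge; it cannot measure distance.
        return mac(self.key, b"unlock" + challenge)
    def force_lock(self):
        return mac(self.key, b"lock")  # simplified: no replay counter

class PC:
    def __init__(self, key, watch):
        self.key, self.watch = key, watch
        self.locked, self.manual_lock = True, False
    def try_unlock(self, channel):
        challenge = os.urandom(16)
        response, rssi = channel(self.watch, challenge)
        valid = hmac.compare_digest(response, mac(self.key, b"unlock" + challenge))
        if valid and rssi >= RSSI_UNLOCK_DBM and not self.manual_lock:
            self.locked = False
            self.watch.notifications.append("PC unlocked")  # assumed delivered
        return not self.locked
    def handle_lock(self, tag):
        if hmac.compare_digest(tag, mac(self.key, b"lock")):
            self.locked = self.manual_lock = True
        return self.locked

def far_direct(watch, challenge):
    return watch.respond(challenge), -95   # watch out of range: weak signal

def relayed(watch, challenge):
    # Relay forwards the bytes untouched and boosts the signal; KEY is never used.
    return watch.respond(challenge), -45

def demo():
    watch = Watch(KEY)
    pc = PC(KEY, watch)
    far = pc.try_unlock(far_direct)            # rejected on signal strength
    relay = pc.try_unlock(relayed)             # accepted: MAC valid, RSSI "near"
    locked = pc.handle_lock(watch.force_lock())
    retry = pc.try_unlock(relayed)             # manual lock overrides RSSI
    return far, relay, list(watch.notifications), locked, retry
```

Signal strength is an attribute of the radio link rather than of the authenticated message, which is why the message authentication code alone does not bind the response to a distance.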