Personal safety devices like panic buttons shouldnā€™t be susceptible to hackers or stalkers, and yet researchers have discovered that two products on the marketā€”the Wearsafe and Revolar devicesā€”had weak security measures in place.

Mark Loveless, a researcher at Duo, outlined the security vulnerabilities of these two devices in a blog post on Wednesday. Wearsafe and Revolar are two personal security wearables designed to help keep users safe with the press of a button. But according to Loveless, both panic buttons can be tracked with a cheap antenna, and the Wearsafe device was vulnerable to a denial-of-service attack, meaning it could be remotely rendered unusable.

When the phone wasnā€™t connected to the device via Bluetooth, Loveless was able to inundate the Wearsafe panic button with Bluetooth connections, which locked up the device. In order to reactivate it, the owner would have to take out the battery and then put back in. The Revolar wearable was not vulnerable to this type of attack, Loveless found.

The Wearsafe deviceā€”described as the ā€œGlobal IoT Solution for Personal Safetyā€ā€”can be tracked with a free scanner app if you are nearby, said Loveless. But the researcher noted that if you shell out around $50 for a bigger antenna, you could track the device from a quarter of a mile away or farther.

The Revolar device, advertised alongside the language, ā€œEveryone deserves to feel safe,ā€ is a bit more difficult to detect, according to the study. Unlike the Wearsafe device, someone couldnā€™t simply use a free app or antenna to scan for the device, said Loveless. But since the Bluetooth-enabled device is simply named ā€œRevolarā€ by default, itā€™s detectable while it is communicating with a connected phone. However, as Loveless noted, this only happens for about 30 seconds every hour.

Advertisement

Loveless said that he contacted both Wearsafe and Revolarā€”the former addressed the security vulnerabilities, while the latter apparently did not respond. We have reached out to both companies for comment.

Thereā€™s a troubling irony in finding security vulnerabilities in these personal safety devices. A device that should, say, help someone fend off a stalker should not ultimately leave users in a more vulnerable position.

[ZDNet]

Advertisement