Assessing the security of a Garmin Smartwatch through Ethical hacking

Abstract: A smartwatch is a device used to track personal data related to health, training, sleep, and diet. The smartwatch industry has seen a steady growth in recent years and is expected to continue to grow. Today many people see the use of their smartwatch as an essential part of their daily routine. Thus, more data is being collected by the smartwatch which raises concerns regarding security and privacy regarding the data collected and distributed by smartwatches. In a worst case scenario, an adversary could perform attacks that would allow them to access personal health records, track the owner, or cause the smartwatch to malfunction either temporarily or permanently. This thesis assesses the security and privacy aspects of the Garmin Vivoactive 4 smartwatch, primarily focusing on the Bluetooth protocol. This was done by first studying research done on security and privacy vulnerabilities of the Bluetooth protocol followed by performing penetration tests targeting the vulnerabilities of the smartwatch. The results of the penetration tests shows that while the Garmin Vivoactive 4 is mostly protected against security flaws, it has multiple vulnerabilities in regards to privacy.