{"id":209681,"date":"2025-06-24T06:32:17","date_gmt":"2025-06-24T06:32:17","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/209681\/"},"modified":"2025-06-24T06:32:17","modified_gmt":"2025-06-24T06:32:17","slug":"hacking-xiaomi-smartwatch-using-touch-point-to-find-unlock-pin-coordinates","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/209681\/","title":{"rendered":"Hacking Xiaomi Smartwatch Using Touch Point to Find Unlock PIN coordinates"},"content":{"rendered":"

\"Xiaomi<\/a><\/p>\n

Security researcher Sergei Volokitin has presented findings on hardware vulnerabilities discovered in Xiaomi devices, including the company\u2019s S3 smartwatch, during a presentation at a major cybersecurity conference.<\/p>\n

The research was conducted as part of a collaborative security event where researchers and vendors work together to identify and address device vulnerabilities.<\/p>\n

The security research was conducted during the conference\u2019s \u201cHard Pwn\u201d event in November 2024, where independent security researchers gathered to examine various consumer electronics for potential vulnerabilities.<\/p>\n


\n\"Google<\/a><\/p>\n

The event, which takes place annually in the Netherlands and the United States, brings together security experts and device manufacturers in a collaborative environment focused on improving hardware security.<\/p>\n

During the multi-day event, researchers were provided with professional-grade equipment, including soldering irons, heat guns, and oscilloscopes, to conduct their hardware analysis.<\/p>\n

The format enables security experts to collaborate directly with vendor representatives to identify vulnerabilities and report findings that can enhance device security.<\/p>\n

Xiaomi Smartwatch Hacked<\/strong><\/p>\n

The 2024 event specifically featured Xiaomi products, including Mi Band fitness trackers, smartwatches, headphones, and other consumer electronics. Previous years have seen similar collaborative security examinations of devices from major technology companies, including Meta\u2019s Oculus products and Google\u2019s Nest ecosystem.<\/p>\n

Sergei Volokitin, who specializes in low-level security analysis and conducts independent security research alongside bug bounty<\/a> work and security consultancy, focused their attention on two primary Xiaomi devices during the event.<\/p>\n

Initially examining an outdoor camera system, the researcher discovered that recorded footage was stored in plain text format on the device\u2019s file system, allowing potential attackers to recover video content.<\/p>\n

The camera analysis revealed additional security concerns beyond unencrypted storage. The researcher identified that security tokens used for backend communication were stored in accessible locations on the device\u2019s file system.<\/p>\n

These tokens could potentially be exploited by attackers who gain physical access to the device. Both vulnerabilities<\/a> were reported to Xiaomi, and the company acknowledged the security findings.<\/p>\n

Following the camera research, the security expert shifted focus to Xiaomi\u2019s S3 smartwatch, noting that the device presented interesting security challenges due to its limited third-party application support.<\/p>\n

Modern smartwatches, the researcher explained, function similarly to smartphones with restricted capabilities but still handle sensitive user data, including text notifications, calendar information, fitness and health metrics, and payment card data for contactless transactions.<\/p>\n

\"\"\/<\/p>\n

The smartwatch also supports Bluetooth connectivity for phone integration and NFC capabilities for both payments and device unlocking features with Xiaomi smartphones. This combination of sensitive data access and multiple connectivity options makes such devices attractive targets for security research.<\/p>\n

The research highlights the increasing importance of hardware security in consumer electronics, particularly for devices that users carry daily and may lose or have stolen.<\/p>\n<\/p>\n

Unlike stationary devices in secure environments, wearable technology faces unique security challenges due to its portable nature and the sensitive personal data it stores and processes.<\/p>\n

The collaborative approach demonstrated at HardPwn represents an industry trend toward proactive security research, where manufacturers work directly with security researchers to identify and address vulnerabilities before malicious actors can exploit them.<\/p>\n

This partnership model allows for responsible disclosure and security improvements that benefit all users of these increasingly connected devices.<\/p>\n

Meet the cyber warriors Who Stopped the WannaCry Ransomware attack => Free Live Webinar<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"Security researcher Sergei Volokitin has presented findings on hardware vulnerabilities discovered in Xiaomi devices, including the company\u2019s S3…\n","protected":false},"author":2,"featured_media":209682,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3160],"tags":[1685,53,16,15],"class_list":{"0":"post-209681","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-gadgets","8":"tag-gadgets","9":"tag-technology","10":"tag-uk","11":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114736945500909755","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/209681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=209681"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/209681\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/209682"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=209681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=209681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=209681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}