DEPARTMENT OF ENERGY
INFORMATION SECURITY RESOURCE CENTER
PACIFIC NORTHWEST NATIONAL LABORATORY
ADVISORY NOTICE No. 11
December 20, 1996
NEW TECHNOLOGIES MAY POSE A PROBLEM IN THE FUTURE
Concerns have emerged regarding the new generation of Timex and Casio watches, and their potential to be used as a means to compromise computer system integrity, or obtain information stored on personal computers. These watches communicate with other electronic devices, including personal computers.
Currently, the maturity and robustness of this technology are so limited that there is no identified security weakness. While these watches provide functions beyond keeping time, they do not represent a viable threat to computer systems at the present time.
It is important to recognize that new threats to computer system integrity continually loom in the future. The early recognition of a potential problem can allow proactive plans to mitigate future problems. Spotting and reporting new trends in office technology and equipment will keep all DOE security professionals alert and poised for the future.
Some dialog on the Internet suggests that there is a growing interest in manipulating this type of technology. Ongoing efforts by several people in the Internet community revolve around communicating with a Timex DataLink watch, writing new code and scripts for the watches, and writing their own wristwatch applications.
Due to lack of information and no cooperation from Timex, these individuals have been forced to reverse-engineer the product. For instance, they have found out that the Timex DataLink watch is based on a Motorola 6805 microcontroller. Motorola has the complete text of their technical reference manuals on the Internet, available for download.
Using that information, a light-sensitive circuit, and an updated version of a communications program, Internet community members have been able to decipher the majority of the protocol for the Data Link 150 and write a program to reprogram the watch.
The sophistication of this type of technology is currently considered too immature to pose a legitimate threat. However, in the near future, the memory and programming abilities of this technology could pose a viable concern to information systems. This prognostication is based on, but not confined to, the following limiting factors:
* Limited transmission/reception range
* Limited RAM memory
* Limited platform viability - Windows
* Limited software application viability
* Limited target information value
Following is a sampling of the unique features and specifications of some examples of this watch communication technology.
Timex Data Link, Model 150
The Timex Data Link 150 watch is the latest in the line of computer-programmable watches. Using a personal computer and a Timex-developed software application, it can send up to 150 entries (appointments, phone lists, etc.) to the watch in seconds, without wires, cables, or an infrared port.
Limitations:
* The Timex Data Link Watch does not work with any Liquid Crystal Display or active-matrix monitors.
* Information cannot be programmed directly into the watch without using the computer.
* The watch is receive only and operates only in the visible light spectrum.
* The watch memory is extremely limited (<4 Kbits).
* The communication range is extremely limited (within 5 to 10 inches of monitor).
Casio Wrist Remote Controller, Model CMD-30B-1A
The Casio Wrist Remote Controller watch is a full-function timepiece but also has the ability to function as a TV, cable box, and VCR remote control. Using an infrared beam similar to those used in most TV/VCR remote controls, the watch can control most major brands of TVs, VCRs, and stereos.
Limitations:
* Some TV and VCR models may not work properly with this watch.
* The watch is transmit only and operates only within a small infrared frequency band.
* The watch's memory is extremely limited (<4 Kbits).
* The watch operates only in line-of-sight with a limited distance range.
Casio Infra-Ceptor, Model JG-100D-1
The Casio Infra-Ceptor watch is a full-function timepiece with daily alarm. It also has the ability to store a telephone directory with up to ten sets of data, each set including up to 43 characters. In addition, the watch can play games using an infrared beam. The beam function can also use the infrared light to exchange telephone directory data or message data with another watch or the Casio Digital Diary.
Limitations:
* The watch is transmit only and operates only within a small infrared frequency band.
* Memory is extremely limited (<4 Kbits).
* The watch operates only in line-of-sight, with a limited distance range.
As technological advances are fielded and proliferate in the DOE office environment, security professionals are frequently alerted after the fact. Increasingly, potent vulnerabilities are discovered, typically after damage has been done. It is important to appropriately assess a new technology for security concerns, and, if necessary, apply restrictions to prevent the unintentional compromise of security operations or equipment. The possibility of such devices representing a future threat warrants attention to all new office technologies.
Awareness information should be disseminated through appropriate channels when technologies such as this are identified, and information should be forwarded to cognizant security authorities for examination and assessment.
Last Updated October 2001