Smartwatches May Look Cool, But They Are Also Vulnerable

A fast growing market as of late is that of wearable technology. Smartwatches in particular have increased in popularity within the past year and this trend doesn’t seem to be slowing. And why would it when smartwatches are handy multi-functional devices that also look cool on your wrist? Smartwatches made by giants such as Apple and Google can send messages and use mobile apps while also acting as your personal fitness coach. All of this in a fashionable little watch with touchscreen capability.

However, the novelty that makes smartwatches so exciting is also what makes them vulnerable. Research conducted by HP Fortify Software Security Center in mid-2015 revealed that ten of the top smartwatches on the market are vulnerable to cyber attacks. Since these gadgets are fairly new, their security features are underdeveloped at best.

Some of the significant vulnerabilities found in smartwatches include insufficient authentication, lack of encryption, and privacy concerns.

Authentication

None of the devices in the HP study had physical authentication enabled by default and many did not have a lock-out ability or the option to wipe the device after a failed number of log-in attempts. This leaves smartwatches vulnerable to thieves and hackers.

Encryption

Transport encryption on smartwatches is lacking. This is a concern due to the fact that many smartwatches can store and transmit data to cloud storage and the protection of data being sent back and forth could be at risk because of weak encryption.

Privacy

Smartwatches represent a risk to personal security and privacy as all of the watches analyzed contained some form of personally identifiable information. Smartwatches can contain data such as heart rate, gender, and address that, due to a lack of security, could leave users vulnerable to data theft.

Only half of the smartwatches test by HP had a screen lock such as a PIN code. In addition, some smartwatches can be paired with unfamiliar smart phones as long as they are within the vicinity.

Tips for keeping your smartwatch safe

  1. Enable security features
    Use a passcode lock and activate two-factor authentication.
     
  2. Install a security app
    Apps that encrypt sensitive data can be used to thwart attackers while an anti-virus app can help prevent malware.
     
  3. Delete data
    Remove any unnecessary or outdated information from the device as well as the cloud.
     
  4. Don’t accept unknown devices
    Reject pairings from any unfamiliar or suspicious device that requests to link with your smartwatch.
     
  5. Inspect downloads
    Be careful about downloading email attachments and opening files from unknown senders to avoid infecting your device.
     
  6. Don’t perform important operations
    A smartwatch isn’t the best device for making online payments or money transfers, so avoid this altogether.
     
  7. Turn off sensors not in use
    If you are not using your watch for fitness, then you should disable sensors used to track things such as motion and heartbeat.
     
  8. Keep it on your wrist
    This might seem like common sense, but never leave your device unattended. Physical security is just as important if you are, for instance, charging the device in public.
     

To learn more about smartwatch vulnerabilities, see the following articles:

HP Study Reveals Smartwatches Vulnerable to Attack http://www8.hp.com/us/en/hp-news/press-release.html?id=2037386#.VsIX8vkrKUk

Smartwatch security fails to impress: Top devices vulnerable to cyberattack http://www.zdnet.com/article/smartwatch-security-fails-to-impress-top-devices-vulnerable-to-cyberattack/

When smartwatches become a living nightmare https://blog.kaspersky.com/smart-watch-nightmare/11144/

 

Image from: http://www.kansas.com/news/local/c5ra8e/picture27049300/ALTERNATES/FREE_...