Should You Worry About Smartwatch Security?
Smartwatch privacy and security share similar risks with many other smart and IoT devices. Although popular brands have some protections in place, there are known vulnerabilities that may affect your smartwatch. With smartwatches being made for all ages, it’s only natural to wonder about the dangers to your privacy and data (or to that of your loved ones). Smartwatch threats are not coming from all directions (yet!), but that doesn’t mean that your smartwatch data is perfectly safe either.
The convenience of these products can sometimes make your data easier for hackers to access. However, despite these concerns, there are ways you can protect yourself.
Smartwatch Security Risks
Smartwatches are just one of many smart tech products that contribute to the Internet of Things (IoT), and as this market continues to grow, these devices will become increasingly vulnerable to cyber-attacks. The IoT has made plenty of activities easier by letting devices “talk” to each other. However, this data exchange is valuable and will inevitably be a target for hackers…
Lack of Vetting for IoT Consumer Safety
Most concerns around smartwatch privacy stem from the hazards of connected tech and the lack of cybersecurity standards surrounding the IoT. As more analog devices connect to the internet (and each other), even the light switches in your smart home will need cybersecurity.
Watches are among many smart tech product types entering a security “grey area”, where no one is rating IoT products on the quality of their user protection and security. In fact, without a central authority labeling IoT devices with clear safety rankings, most consumers have no clue how safe their watches are. So, there is no guarantee that your watch can guard against current cyberattack methods.
Is Your Smartwatch Data Exposed?
Smartwatch data can tell a fraudster a lot about you and your activities. All the info gathered, sent, and received by these devices becomes perfect for hijacking your identity and life. This, however, doesn’t mean you should ditch your smartwatch. Rather, you should become more aware of how your data is being handled by the manufacturer of the watch.
Smartwatches gather tons of personalized information on you - passing it through connections like Bluetooth and the internet. Your GPS location, motion tracking, credit card transactions, and calendar in isolation may be relatively safe. But combined, these details can reveal your ATM PINs, passwords, daily routine, and more. In theory, if your manufacturer uses centralized, in-house services to store and process your data — a single company breach could open you to data theft.
User data compiled on these devices is sent from your service provider to third parties. This isn’t necessarily malicious, since this helps providers with data storage, processing, and analysis to give you a better experience.
The catch: this data may also be used by some third parties to create advertising profiles on you. Also, this data might end up with many different companies, creating more points of attack to breach your privacy. It’s worth remembering, though, that not all smartwatch brands handle your data in the same way, so you’ll need to read up on your manufacturer’s policies on data collection.
Can smartwatches be hacked?
Make no mistake: weaknesses in smartwatch security do exist. In fact, some attack attempts have already been recorded for these devices. But while there haven’t been many major breaches with smartwatches yet, white hat hackers (also known as ‘good’ hackers, who help businesses identify weaknesses in their products/programs/software) have helped to reveal some security gaps.
Phishing can occur if you download a fraudulent app and enter any personal info into it. These apps are more common on unofficial app stores but are not entirely absent from Google and Apple app stores. These fake apps work by asking you to log in to your Google account, and then a fake form grabs your credentials, making you unwittingly compromise your own account.
Bluetooth Low Energy
Bluetooth Low Energy pairs your smartwatch to your phone, headphones, and other devices. But there are vulnerabilities in Bluetooth data encryption thanks to its complicated protocols. When the data is weakly encrypted, a criminal can force their way into your connection with minimal effort (unfortunately, Bluetooth is an important connective feature on wireless-first devices like smartwatches).
Accelerometer data helps your smartwatch track movement for health and fitness features, such as steps taken.
This accelerometer data can also be analyzed to reveal passwords and credit card numbers. Repetitive movement data trends can be used to figure out the computer keyboard typing motions that reproduce your credentials. Admittedly, this takes a lot of work, making this hacking method unlikely to be used; but it is possible. In fact, if the payoff is great enough, cybercriminals may hand-pick higher value targets for this approach.
Factory Default Passwords
Factory default passwords are a backend technical tool used to access IoT devices. Because these go unchanged after you take these devices home, a hacker can easily find your password online or buy these default passwords on the dark web.
To prevent this easy access, consumers first need to be aware it exists.
Usually manufacturers bury password change instructions within tech manuals that a user never reads. Sometimes you’ll have to contact the company directly to update your password properly. But some owners who have purchased cheaper smartwatches can’t even find a way to contact the original manufacturer.
Inexpensive online products are commonly bought in bulk and rebranded by tons of secondary distributors. Many kids’ watches are sold in this fashion, leaving them with a major security threat, which is why it’s best that you only buy smartwatches from trusted, well-known brands such as Apple, Fitbit or Garmin.
Reconfiguration via Text Message
Some kids’ smartwatches have been discovered to be hackable simply by sending them a text. Using specifically written text messages, some watches can be reprogrammed to benefit the hacker. This method can re-pair the watch to the criminal’s phone, giving them more control and access to the device. They can then track the watch through GPS, and they can even call the user.
Although this was discovered in low-end kids’ models, many other cheaper smartwatches may have similar vulnerabilities. This is because cheaper manufacturers usually put user-friendliness ahead of safety when putting an entry-level product together. Reputable high-end brands like Apple are held to more accountability, but they still often run into this convenience versus security debate.
These security concerns have driven manufacturers to upgrade with more emphasis on encryption and guarding against app store malware. However, the lack of industry standards makes it impossible to guarantee that any product will be properly protected.
How to Protect Your Smartwatch Data
With the lack of consumer protections, you’ll still have to be cautious in your use of smartwatches. You can start to limit your risks simply by using existing smartwatch privacy features. The rest of your self-protection comes back to being aware of what you connect to your watch.
On-Device Security Settings
Block unauthorized pairing via your watch’s version of the Activation Lock setting. This feature keeps stolen watches from being accessed. Apple Watch and Samsung Gear both use this feature, but your watch may vary.
Two-factor authentication uses a follow-up confirmation on a second device to keep out unwanted users. Some devices are known not to have this setting, so be sure yours does before buying.
Password protection on the lock screen is yet another roadblock for thieves and hackers.
Smartwatches may offer multiple types of protection, so be sure to activate as many as possible.
These might include:
- PIN or pattern to unlock for use.
- Lock if too far from phone.
- “Lock on Removal” detection.
Securing Your Paired Smartphone
Protecting your smartphone is just as important as securing the watch itself. These two devices work together often, and this data exchange may leave you vulnerable to hacks.
Never use unofficial app stores like those accessed on jailbroken devices or on the web. Native app stores protect you from downloading malware apps. However, always trust your gut with any app and investigate before installing. Not even the Apple App Store and Google Play can catch every malicious app.
Don’t jailbreak your phone because this leaves you open to security risks. Breaking out of your phone’s walled garden means choosing to skip OS updates. Since you can’t keep your phone jailbroken and keep the OS up to date, you’ll be missing the latest security patches. In addition, jailbroken app ecosystems can be filled with dangerous apps that are never checked or removed.
Keep your device up to date with all the newest OS and app versions. As noted above, updates come with critical security fixes. Delaying updates can lead to attacks that are easily avoided — so update as soon as possible. Also be sure to remove any apps that have not been updated in years. Old program code used to make apps is a frequent target of cybercrime.
Use a virtual private network connection (VPN) to encrypt your smartphone’s internet connection. With your data being unreadable to onlookers, you can safely connect to public Wi-Fi. Another benefit is that some of these service providers like Kaspersky VPN Secure Connection also offer packages with antivirus and malware protection.
Smart Home Control
Don’t connect all of your IoT devices to your watch. Hackers could target smartwatches and use them like a keyring to access your in-home smart devices. Since someone could steal your “keys” through the internet, you might want to leave some keys off the keyring (as it were). For example, your smart home security (door locks, security cams, etc.) could make you an easy target for home invasion.
Set up guest Wi-Fi and try to keep your watch off your main home network altogether. Isolate your smartwatch and any guest devices from the secure home devices on your main network. Mobile devices that connect to public Wi-Fi or other non-home devices are more likely to be compromised.
Remove unused or outdated devices from your home network. Any untouched tech might be missing important software updates, which is awful for your security. You might consider updating your smart products, but older models are more likely to be unsupported.
Update all devices used on your network. We can’t say it enough: security patches are crucial. Keep all your devices—even your smart TVs—loaded with the latest firmware. If they are unable to be updated, you might want to either replace the device with a newer model or take it off your network.
Change default backend passwords on connected devices. Technical development access to your device may exist via a set of factory default credentials. You may have instructions in the tech manual for your device. Otherwise, contact your manufacturer and ask how to change it.
Your network router and modem are among the most important passwords to change. Be sure your passwords are extremely strong and store them safely in a password manager, like Kaspersky Password Manager.
Best Practices for Smartwatch Data Safety
Buy trusted names in the smartwatch market. Big name products are less likely to cut corners on security. Brand reputation comes with accountability that a cheap unknown brand usually does not have.
Watch for the red flags of a compromised device. Odd device activity might indicate malicious code on your smartwatch or other device. Gathering, tracking, and sending your personal data requires noticeably high data use and battery consumption, so keep an eye out for both.
Limit app permissions. Location services and more are used by hackers, but you can block this access. Apps in the Android and Apple ecosystems usually have to ask your permission. Not every app needs these features, so choose them on a case-by-case basis. Less permission is safer. You can always turn permissions on later when needed, but you can never unshare leaked data.
Generally, you want to avoid linking too much personal activity to smartwatches until security standards are set for devices like this. While not likely for many users, this is potentially the best solution for security and smartwatch privacy.
If you do get compromised, you should already have a robust internet security solution in place, such as Kaspersky Total Security. While it doesn’t currently protect smartwatches, it ensures protection for your PCs, tablets and smartphones.