Smartwatch security threats: The sky isn’t really falling

Wearables are too young to pose a real threat to data security, says Davey Winder

Apple Watch release date, price & features

Security firms Kaspersky and Wisekey are worried about the amount of unprotected data shared between smartphones and wearables. Which leads me to ask, just how insecure is your smartwatch?

I'm not going to dismiss these security vendors concerns off the bat, but I will throw a quick MRDA (Mandy Rice-Davies Applies) into the conversation. After all, this is the same industry that seems to think that anti-virus products on the desktop are still somehow valid.

Advertisement - Article continues below

Let's agree that if wearables become a conduit for mobile payments, and smartwatch technology will allow that across most platforms soon enough, then obviously there's the potential for cyber-theft.

Well, maybe.

Most of the emphasis has to be on the word 'potential', which is very different to the word likely'. 

Not that there aren't questions to ask when we think seriously about the smartwatch sector (something that's hard to do when they all look like Christmas cracker toys).

Those questions will grow in stature if more people start wearing the things. Questions such as, can they be hacked, is there the potential for malware or man-in-the-middle attacks, and what happens to your data if your watch gets stolen or is lost?

Sound familiar? They should do - we asked the same ones when our phones started getting clever. For the most part, we've answered them too.

Advertisement
Advertisement - Article continues below

And that's the thing, wearables are paired with those smartphones for which we have mostly sorted the data security now. Which leaves us to ask, are smartwatches even a threat at all?

Advertisement - Article continues below

Well, they are not just dumb terminals. They display notifications from your smartphone, and notifications contain valuable data, lots of it.

A smartwatch is a conduit to more data, in your pocket and beyond, and that will eventually make them attractive to the bad guys.

When Trend Micro tested smartwatches for hardware protection, data connections and local data storage, it found all of them had weaknesses that could be exploited. All of them saved notification and calendar data locally, making it possible for hackers to get it without the smartphone being required.

When HP Fortify studied smartwatches for security, it also found them lacking, particularly when it came to user authentication and poor encryption of data in transit. Most were vulnerable to attacks enabling man-in-the-middle threats or using outdated, and therefore vulnerable, protocols such as SSL 2.0.

Not that bad guys are targeting smartwatches just yet, as far as we can tell. The attack surface is, quite literally, way too small. Not enough users, not enough data, not enough resources to install malware, not enough anything.

Advertisement - Article continues below

A lot of alleged smartwatch insecurities that the media trumpet are hard to imagine outside of a lab environment. Take a look at MoLe: Motion Leaks through Smartwatch Sensors if you want a shining example.

But as the tech on your wrist gets more powerful, and the apps more complex, threats will grow and emerge. Until that is the case, there's not really much that is likely to be done in terms of cyber-badness.

The whole wearables security sector right now reminds me a lot of Chicken Little. The sky isn't falling, and getting too squawky about smartwatches right now just serves to distract from the real problem: securing your data in the cloud and on your smartphone.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020