Smartwatch security threats: The sky isn’t really falling

Wearables are too young to pose a real threat to data security, says Davey Winder

Apple Watch release date, price & features

Security firms Kaspersky and Wisekey are worried about the amount of unprotected data shared between smartphones and wearables. Which leads me to ask, just how insecure is your smartwatch?

I'm not going to dismiss these security vendors concerns off the bat, but I will throw a quick MRDA (Mandy Rice-Davies Applies) into the conversation. After all, this is the same industry that seems to think that anti-virus products on the desktop are still somehow valid.

Advertisement - Article continues below

Let's agree that if wearables become a conduit for mobile payments, and smartwatch technology will allow that across most platforms soon enough, then obviously there's the potential for cyber-theft.

Well, maybe.

Most of the emphasis has to be on the word 'potential', which is very different to the word likely'. 

Not that there aren't questions to ask when we think seriously about the smartwatch sector (something that's hard to do when they all look like Christmas cracker toys).

Those questions will grow in stature if more people start wearing the things. Questions such as, can they be hacked, is there the potential for malware or man-in-the-middle attacks, and what happens to your data if your watch gets stolen or is lost?

Sound familiar? They should do - we asked the same ones when our phones started getting clever. For the most part, we've answered them too.

Advertisement
Advertisement - Article continues below

And that's the thing, wearables are paired with those smartphones for which we have mostly sorted the data security now. Which leaves us to ask, are smartwatches even a threat at all?

Advertisement - Article continues below

Well, they are not just dumb terminals. They display notifications from your smartphone, and notifications contain valuable data, lots of it.

A smartwatch is a conduit to more data, in your pocket and beyond, and that will eventually make them attractive to the bad guys.

When Trend Micro tested smartwatches for hardware protection, data connections and local data storage, it found all of them had weaknesses that could be exploited. All of them saved notification and calendar data locally, making it possible for hackers to get it without the smartphone being required.

When HP Fortify studied smartwatches for security, it also found them lacking, particularly when it came to user authentication and poor encryption of data in transit. Most were vulnerable to attacks enabling man-in-the-middle threats or using outdated, and therefore vulnerable, protocols such as SSL 2.0.

Not that bad guys are targeting smartwatches just yet, as far as we can tell. The attack surface is, quite literally, way too small. Not enough users, not enough data, not enough resources to install malware, not enough anything.

Advertisement - Article continues below

A lot of alleged smartwatch insecurities that the media trumpet are hard to imagine outside of a lab environment. Take a look at MoLe: Motion Leaks through Smartwatch Sensors if you want a shining example.

But as the tech on your wrist gets more powerful, and the apps more complex, threats will grow and emerge. Until that is the case, there's not really much that is likely to be done in terms of cyber-badness.

The whole wearables security sector right now reminds me a lot of Chicken Little. The sky isn't falling, and getting too squawky about smartwatches right now just serves to distract from the real problem: securing your data in the cloud and on your smartphone.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020