Smartwatch security threats: The sky isn’t really falling

Wearables are too young to pose a real threat to data security, says Davey Winder

Apple Watch release date, price & features

Security firms Kaspersky and Wisekey are worried about the amount of unprotected data shared between smartphones and wearables. Which leads me to ask, just how insecure is your smartwatch?

I'm not going to dismiss these security vendors concerns off the bat, but I will throw a quick MRDA (Mandy Rice-Davies Applies) into the conversation. After all, this is the same industry that seems to think that anti-virus products on the desktop are still somehow valid.

Let's agree that if wearables become a conduit for mobile payments, and smartwatch technology will allow that across most platforms soon enough, then obviously there's the potential for cyber-theft.

Well, maybe.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Most of the emphasis has to be on the word 'potential', which is very different to the word likely'. 

Not that there aren't questions to ask when we think seriously about the smartwatch sector (something that's hard to do when they all look like Christmas cracker toys).

Those questions will grow in stature if more people start wearing the things. Questions such as, can they be hacked, is there the potential for malware or man-in-the-middle attacks, and what happens to your data if your watch gets stolen or is lost?

Sound familiar? They should do - we asked the same ones when our phones started getting clever. For the most part, we've answered them too.

And that's the thing, wearables are paired with those smartphones for which we have mostly sorted the data security now. Which leaves us to ask, are smartwatches even a threat at all?

Well, they are not just dumb terminals. They display notifications from your smartphone, and notifications contain valuable data, lots of it.

Advertisement - Article continues below

A smartwatch is a conduit to more data, in your pocket and beyond, and that will eventually make them attractive to the bad guys.

When Trend Micro tested smartwatches for hardware protection, data connections and local data storage, it found all of them had weaknesses that could be exploited. All of them saved notification and calendar data locally, making it possible for hackers to get it without the smartphone being required.

When HP Fortify studied smartwatches for security, it also found them lacking, particularly when it came to user authentication and poor encryption of data in transit. Most were vulnerable to attacks enabling man-in-the-middle threats or using outdated, and therefore vulnerable, protocols such as SSL 2.0.

Not that bad guys are targeting smartwatches just yet, as far as we can tell. The attack surface is, quite literally, way too small. Not enough users, not enough data, not enough resources to install malware, not enough anything.

Advertisement
Advertisement - Article continues below

A lot of alleged smartwatch insecurities that the media trumpet are hard to imagine outside of a lab environment. Take a look at MoLe: Motion Leaks through Smartwatch Sensors if you want a shining example.

But as the tech on your wrist gets more powerful, and the apps more complex, threats will grow and emerge. Until that is the case, there's not really much that is likely to be done in terms of cyber-badness.

Advertisement - Article continues below

The whole wearables security sector right now reminds me a lot of Chicken Little. The sky isn't falling, and getting too squawky about smartwatches right now just serves to distract from the real problem: securing your data in the cloud and on your smartphone.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019