Smartwatch security threats: The sky isn’t really falling

Wearables are too young to pose a real threat to data security, says Davey Winder

Apple Watch release date, price & features

Security firms Kaspersky and Wisekey are worried about the amount of unprotected data shared between smartphones and wearables. Which leads me to ask, just how insecure is your smartwatch?

I'm not going to dismiss these security vendors concerns off the bat, but I will throw a quick MRDA (Mandy Rice-Davies Applies) into the conversation. After all, this is the same industry that seems to think that anti-virus products on the desktop are still somehow valid.

Let's agree that if wearables become a conduit for mobile payments, and smartwatch technology will allow that across most platforms soon enough, then obviously there's the potential for cyber-theft.

Well, maybe.

Most of the emphasis has to be on the word 'potential', which is very different to the word likely'. 

Not that there aren't questions to ask when we think seriously about the smartwatch sector (something that's hard to do when they all look like Christmas cracker toys).

Those questions will grow in stature if more people start wearing the things. Questions such as, can they be hacked, is there the potential for malware or man-in-the-middle attacks, and what happens to your data if your watch gets stolen or is lost?

Sound familiar? They should do - we asked the same ones when our phones started getting clever. For the most part, we've answered them too.

And that's the thing, wearables are paired with those smartphones for which we have mostly sorted the data security now. Which leaves us to ask, are smartwatches even a threat at all?

Well, they are not just dumb terminals. They display notifications from your smartphone, and notifications contain valuable data, lots of it.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

A smartwatch is a conduit to more data, in your pocket and beyond, and that will eventually make them attractive to the bad guys.

When Trend Micro tested smartwatches for hardware protection, data connections and local data storage, it found all of them had weaknesses that could be exploited. All of them saved notification and calendar data locally, making it possible for hackers to get it without the smartphone being required.

When HP Fortify studied smartwatches for security, it also found them lacking, particularly when it came to user authentication and poor encryption of data in transit. Most were vulnerable to attacks enabling man-in-the-middle threats or using outdated, and therefore vulnerable, protocols such as SSL 2.0.

Not that bad guys are targeting smartwatches just yet, as far as we can tell. The attack surface is, quite literally, way too small. Not enough users, not enough data, not enough resources to install malware, not enough anything.

A lot of alleged smartwatch insecurities that the media trumpet are hard to imagine outside of a lab environment. Take a look at MoLe: Motion Leaks through Smartwatch Sensors if you want a shining example.

But as the tech on your wrist gets more powerful, and the apps more complex, threats will grow and emerge. Until that is the case, there's not really much that is likely to be done in terms of cyber-badness.

Advertisement - Article continues below

The whole wearables security sector right now reminds me a lot of Chicken Little. The sky isn't falling, and getting too squawky about smartwatches right now just serves to distract from the real problem: securing your data in the cloud and on your smartphone.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020