What threats can smartwatches create?

There are many players on the smartwatch market today. To reach out to customers, it is enough to buy ready-made hardware and order the development of software. Given that the low price of the gadget is the main competitive advantage for brands that are not well-known, manufacturers do not invest in security to reduce costs. Therefore, the overall security of smartwatches is considered to be rather low. The devices from the largest and most popular electronics vendors around the world are the exception. The most dangerous aspect of the situation is that end users are not willing to pay more for security. This is partly due to a lack of cyber security awareness which drives the growth and thriving of the unprotected smartwatch market. In addition, smartwatches are categorized as IoT devices, and the security of their design is currently not regulated.

Smartwatches collect a lot of data, including personal data. or medical data, such as heartbeat. Some models are equipped with built-in payment tools. Most often, the device captures geodata, including the current location and the movements of the user. If the device is compromised, all of this data can fall into the wrong hands.

Careless smartwatch manufacturers often abuse the practice of setting default passwords. This makes it easier for attackers to gain remote access. They don’t even need to come up with specific attacks or exploits. When nearby, it’s possible to pair the gadget with your smartphone and gain access to its data. If the smartwatch supports changing the parameters via SMS, attackers will also be able to control the device via SMS simply by specifying the login, password, and data to be received. Low-cost brands do not pay much attention to service functions such as configuring the gadget using another device, for example, via Bluetooth connection. As a rule, it’s easy to intercept the data in such cases.

Any security flaw of children’s smartwatches may result in data leakage and further scam attacks using the information on the user’s whereabouts. For instance, when a child’s devise is out of reach the attacker can use an unknown number to send an SMS to the parents saying that their child is in trouble and urgently needs money.

Any strange behavior of the smartwatch, whether it’s battery degradation or device freezing, can be a sign of tampering. When choosing a smartwatch, you should consider well-known brands and check the security parameters of the devices. After purchase, configure access by setting a strong password that has not been used anywhere else before. The software should be updated regularly. Ideally, set up automatic updates so you don’t miss important security patches.

The users of smart home systems with centralized IoT device management, who doubt that their vendor ensures the security of smartwatches, should not connect the device to the smart home system. Otherwise, the attacker who hacked the smartwatch may gain access to all connected IoT devices.