How Safe Are Smartwatches?
Like other “smart” device markets, the wearable tech market is increasingly a multibillion-dollar industry. Since Pebble first announced its Kickstarter and surpassed $12 million in donations, the smartwatch has seen numerous implementations by companies ranging from Samsung to Apple. But is this technology safe?
This is the question both consumers and experts are asking when they look at wearable smartwatches. Based on the standards used for radiation and wireless signals, smartwatches appear to be fairly safe. The new Apple Watch, for instance, has a dramatically lower Specific Absorption Rate (SAR) than the iPhone. Based on industry standard, they appear to be physically safe to wear. If you cannot be bother about security and really just prefer to relax, then visit Ladylucks for Smartwatches exclusive promo this month.
There are real issues how these smartwatches may open your personal information up to criminals. Most smartwatches contain at least some information about their owners, including their name and address. However, because most smartwatches also monitor the health of the wearer, that health data is also available to crafty hackers.
Some smartwatches even have access to payment information. The Apple Watch allows the owner to use Apple Pay, and new apps even offer control over home security and certain car related features. All can become compromised if your smartwatch isn’t secure (or is stolen).
What’s worse, a recent study by HP has shown that many different models of smartwatches share vulnerabilities. According to their study, there are a few big issues:
- No Password Lockout (unlimited guesses) and weak password policy
- Poor encryption (both in updates and in data transmission)
- Screens that don’t lock (anyone who picks up the watch can access it)
To expand on some of those issues, we’ll first take a look at the issue with smartwatch passwords, as this is something users can potentially do something about.
Passwords on Your Watch
Devices or services that don’t require strong passwords can be dangerous to their owners simply because there is a tendency to make relatively simple passwords when allowed. Weak passwords usually include only lowercase letters and tend to use words from the dictionary or personal information (birth dates, anniversaries, Social Security numbers, etc). By not advising smartwatch owners (or better, requiring) to use strong passwords, some devices are automatically at risk.
For the record, strong passwords would be the total opposite of weak ones; they will usually have a good number of characters (eight or more), contain upper and lowercase letters, numbers and symbols. They tend to exclude single words in the dictionary unless a passphrase is used (very long passwords may also be very difficult to guess or crack). As expected, the best way to counteract this problem is to use a better password than is required.
Failure to secure a device account with a strong password may allow criminals to access device and any information associated with it. It may also let someone pair the device with their own, effectively allowing the complete theft of your hardware.
Poor encryption means that data sent to and from your smartwatch is vulnerable to having bad scripts or data inserted into the data stream. An example is malware intended to steal information or sabotage your device. The biggest danger here is how passively this can happen.
Unlike on your computer or mobile device, where a good deal of malware is acquired by mistake (clicking on bad links, downloading infected files, etc.), a smartwatch is more likely to be attacked with no action on your part. HP’s study also found smartwatches were vulnerable to POODLE attacks, which exploit vulnerabilities in SSL3 that are soon to be fixed for most phones and computers.
In fairness to smartwatches, all devices are subject to theft. However, laptops and other mobile devices often can be locked or disabled remotely if stolen, and typically have lock screens or require logging in before they can be properly utilized. This is not the case with all smartwatches, meaning even just leaving the watch unattended could be a real danger.
With the exception of the Pebble, most smartwatches have fairly limited battery life. It isn’t unreasonable to expect to see people charging their watches if they’ve forgotten to charge them at home, which is the perfect opportunity for criminals. The same goes with conventional pickpockets who already steal valuable watches, except now the value may be in the data.
Piggybacking and You
Another danger smartwatches pose is related to how the majority function primarily as accessories to your smartphone or tablet. As Bluetooth devices, smartphones typically pair with your smartwatch to connect to the internet and send notifications and other information to be displayed on the watch face. That also means that if your paired device is vulnerable, your smartwatch is potentially in danger too.
The best way to handle this particular risk is by properly securing your related devices. Phones and tablets should be equipped with two pieces of software: a Virtual Private Network (VPN) and an anti-virus app. The former is usually a paid service, while the latter is often free with premium paid features available.
A VPN is essential because it secures your internet connection. Often the sole source of internet is your phone or tablet, which may be connected to unsecure public WiFi networks. A VPN acts a middleman, connecting you to a remote server which encrypts your data and hides your IP address, allowing you to connect safely and anonymously. With your internet secure, your watch is much less likely to be involved in any incidents caused by its paired device.
There are a number of services available with varying levels of features. Consider reading reviews on VPNs if you’re interested in seeing which services offer what features.
An anti-virus app is also essential as it helps prevent malware from hiding on your device, and it also helps deal with device theft. Services such as Avast have premium features that allow you to lock your device if it’s taken and even take a “theftie” of the criminal in question. But the main use here is in preventing malware that could also affect your smartwatch.
Caution for Early Adopters
Within a few years, it’s likely most major security concerns will begin to be ironed out. As technology improves and cybercrime increases, manufacturers will be forced to adopt new standards to keep your devices safe if they hope to maintain relevancy.
Until that happens, be careful what you use a smartwatch for. While I think they’re a pretty awesome addition to the “smart” toolbox, they’re far from being perfect. For the moment, security is largely on your shoulders; stay up to date if you want to avoid trouble.
Do you already have a smartwatch or other wearable technology? If not, are you planning on it anytime soon? Tell us what you think in the comments.