The number of smartwatches is increasing steeply. Smartwatches are often able to track your heart rate, sleep, location, exercise and much more. Additional features nowadays include receiving phone notifications and making payments. But how secure is your watch, and all your personal data?
In case of theft, a thief will often easily be able to enter the device as most people do not install screen locks on their devices (O’Connell, 2019). Manufactures do have additional features to prevent easy access, such as the option to obstruct a connection with an unknown phone and the requirement of a close-proximity connection with the phone for payments and other important functions (Symanovich, 2019). Most smartwatches use Bluetooth-technology to create such a connection, which is not often targeted by attacks (Thomas, 2019). Nevertheless, the data is often not encrypted due to the limited computing power of the watch and simply secured by a six-digit pin. A six-digit code is easily cracked with the use of brute force attacks (Wenz, 2019).
Whenever a device does get breached, almost all data (e.g. notifications, heartbeat, locations and audio recordings) can be subtracted from the device (Do, Martini and Choo, 2016). Furthermore, a hacked device could leak your data or even breach into your network, obtaining information from the network as well. (Symanovich, 2019).
Smartwatches often allow third-party apps on their operation system for providing the customer with additional features. These apps are able obtain all kinds of information. It’s therefore important to read the privacy policies of these apps to ensure your data is handled with care (Symanovich, 2019). The data can be used against you be insurers for example, although no case of this is revealed yet.
On the bright side, Google released Adiantium in the spring of 2019. Adiantium is an encryption mode that can run on devices running Android Wear by using the ChaCha stream to cipher in a length-preserving mode (Crowley and Biggers, 2018). In this way, low-performance devices can encrypt their data in the same degree as smartphones and laptops can. Apple did include encryption in their newest version of iOS as well (Apple, 2019). Moreover, Apple asks users to enter a password to adjust the device settings and allows users to deactivate their pay account remotely via iCloud and (Thomas, 2019).
A research by Kasperky (Lurye, 2019) showed that smartwatches are relatively safe nowadays. Their encryption is improving and so are their protection measures. Managing permissions, checking for privacy policies and being alerted for malware will help to prevent most damage. No guarantee for a breach can be given, however. In case of a breach, basic information can be obtained quite easily. More specific information such as what the user types on a computer or credit card information is much harder to obtain and requires advanced software such as neural networks.
Apple (2019). iOs security. [ebook] Apple, pp.37-38. Available at: https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf [Accessed 4 Oct. 2019].
Crowley, P. and Biggers, E. (2018) “Adiantum: length-preserving encryption for entry-level processors”, IACR Transactions on Symmetric Cryptology, 2018(4), pp. 39-61. doi: 10.13154/tosc.v2018.i4.39-61.
Do, Q., Martini, B. and Choo, K. (2016). Is the data on your wearable device secure? An Android Wear smartwatch case study. Software: Practice and Experience, 47(3), pp.391-403.
Lurye, S. (2019). Experiment: How easy is it to spy on a smartwatch wearer?. [online] Kaspersky.com. Available at: https://www.kaspersky.com/blog/smart-watch-research/22536/ [Accessed 4 Oct. 2019].
O’Connell, J. (2019). 5 Security Concerns for Your Smart Watch | Hacked: Hacking Finance. [online] Hacked. Available at: https://hacked.com/5-security-concerns-smart-watch/ [Accessed 4 Oct. 2019].
Symanovich, S. (2019). Smart watches and internet security: Are my wearables safe? | Norton. [online] Us.norton.com. Available at: https://us.norton.com/internetsecurity-iot-how-to-protect-your-connected-wearables.html [Accessed 4 Oct. 2019].
Thomas, K. (2019). How secure is your smartwatch? | WeLiveSecurity. [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2015/04/15/secure-smartwatch/ [Accessed 4 Oct. 2019].
Wenz, J. (2019). Why Links Between Smartwatches and Phones Could be Vulnerable to Attacks. [online] Popular Mechanics. Available at: https://www.popularmechanics.com/technology/security/a13815/hackers-can-crack-smartwatch-and-smartphone-encryption-17514096/ [Accessed 4 Oct. 2019].