Do smartwatches pose a cyber security risk?
Thu 17 Oct 2019 | James Orme

Owning a smartwatch might not actually be such a smart decision after all. Cyber security expert Chester Avey investigates.
Over the years, there has been an ongoing battle between those looking to advance technology and those looking to pinpoint its weaknesses. Whether it be computers versus viruses, or encryption versus hacking, there is often an overarching theme of good vs. evil when it comes to technology.
Perhaps this is to be expected. As the world has become more and more gadget-obsessed, we have seen a simultaneous rise in our dependence on effective cybersecurity. Hackers are getting smarter, and can now break down security defences using more innovative methods than ever before.
Knowing where technology falters is therefore vital, not only to pinpoint potential security weaknesses but also to remove them before hackers can exploit them. Here we take a look at whether smartwatches, which operate differently to and contain less data than computers or smartphones, pose a cybersecurity risk. And if so, to what extent?
Research Study 1: Kaspersky
Back in 2018, a Russian cybersecurity and anti-virus provider known as Kaspersky looked at whether smartwatch movements could be used to reveal passwords and other personal information.
Working with an Android-based smartwatch, the firm wrote a dedicated app which was able to process and transmit accelerometer data – a type of data that smartwatches monitor to determine a user’s movement. From this, they were able to trace whether the wearer was sitting or walking and, thanks to the GPS tracker contained inside, where exactly they were located at the time.
The cybersecurity firm was also able to determine when somebody was typing at a computer and what exactly the user was writing – after repeatedly analysing the accelerometer data. When a user typed in the same password over and over again, the smartwatch’s accelerometer would move in a similar way, making it easier to determine which buttons they were typing.
The team concluded that it is possible for smartwatch hackers to work out computer passwords and PIN numbers – albeit via a lot of work and repeated analysis. They also made the point that, in order to launch a cyber-attack, the wannabe hacker would still need to gain access to the computer or credit card. This, in turn, makes a smartwatch cyber-attack less likely, but still possible.
Research Study 2: Sophos
Corresponding with Kaspersky’s research, a study carried out by security experts from Sophos discovered that smartwatch hackers can pose a particularly harmful threat to children and teenagers.
In general, parents provide smartwatches to their children to keep track of them during the school day and contact them in the event of an emergency. However, hackers are now able to take advantage of a number of security loopholes to effectively misrepresent smartwatch data to parents.
For example, the study found that hackers could remotely access the GPS tracker contained within a smartwatch, altering the geographical location to pretend that somebody is where they’re not. It also discovered that, if a hacker could access the smartwatch’s SIM card, they could send a hidden text message to the device to enable them to listen in to what the user is saying.
Research Study 3: Trend Micro
Back in 2015, a report by an IT security firm called Trend Micro highlighted yet another potential smartwatch cybersecurity oversight: the physical protection of sensitive data.
Analysing devices from major providers like Apple, Samsung, Motorola, LG, Sony, Asus and Pebble, Trend Micro’s team of researchers determined that each smartwatch’s physical protection (i.e. how secure they are if stolen) wasn’t up to scratch, stating that each manufacturer ‘opted for convenience’ over security.
The firm hugely criticised the oversight at the time, stating that, while a lack of authentication features made devices easier to operate, the risk of having personal and corporate data compromised was far too great to simply overlook. They also highlighted the fact that devices save data locally when they’re out of range from their connected smartphone. In turn, this means that, should the watch get stolen without a physical data protection method in place, the thief will be able to instantly access all the data saved onto that device.
Final Thoughts
As these three research examples prove, despite operating differently and containing much less data than computers or smartphones, smartwatches can definitely pose a cybersecurity risk. They may not be the easiest device for hackers to target but, with enough time and dedication, it is entirely possible for them to break through and access valuable information.
Therefore, owning a smartwatch might not actually be such a smart decision after all. Maybe you should think about spending your money on a nice, traditional designer watch instead.