The use of smartwatches has risen sharply in recent years and the mini computer for the wrist has become more than just a fashion accessory.
No wonder, because with their wide range of functions, smartwatches fulfil the needs of different users: they not only offer convenient access to incoming calls, emails or other notifications without having to pick up a smartphone, but are also a useful companion for monitoring fitness and health.
Some watches support mobile payment services or downloadable apps and applications – from weather forecasts to games and navigation.
However, as the amount of personal data collected by these devices increases, so does the potential risk of potential cyberattacks, warn the IT security experts at PSW GROUP.
Managing Director Patrycja Schrenk says: “Smartwatches, like other smart devices, still harbour a number of potential dangers in terms of IT security. And these are not necessarily recognisable at first glance. The main risks include data exchange on the Internet of Things, weaknesses in Bluetooth and firmware updates and the risk of phishing through infected apps.”
Smartwatches collect a wide range of personal information about their users. This sensitive data, including GPS location, movement tracking, credit card transactions, ATM PINs and passwords, is transmitted via Bluetooth connections to the smartphone, which in turn is connected to the internet. However, any device with an interface to the outside world harbours potential vulnerabilities that can be exploited by cyber criminals.
“In the case of smartwatches, the connection via Bluetooth Low Energy is particularly vulnerable. This connection is not only used for communication between the watch and phone, but also with other devices such as headphones,” explains Patrycja Schrenk. Bluetooth also has other weaknesses, including often inadequate encryption of the transmitted data.
If the firmware is not up to date, security patches and updates are missing, the operating system is vulnerable to potential hacker attacks. Smartwatch users are also not safe from phishing attacks: infected apps can intercept personal information by asking users to create a link to their Google account. Fake forms can then compromise the login data and thus jeopardise the entire Google account.
“Smartwatches are more than just extensions of smartphones. They are systems in their own right. Simply fitting the watch with a suitable screen protector is therefore not enough. Users should also protect their smartwatch from digital threats and not neglect IT security,” emphasises Patrycja Schrenk. Together with her team, the IT security expert has compiled a list of measures to help protect against digital threats:
The most important smartwatch protection measures at a glance:
1. software updates: operating system and apps used
Regular updates of the operating system and apps are essential for security. “Smartwatch manufacturers guarantee regular updates for the operating system of the respective device in order to close security gaps.
These guarantees are usually valid for several years. Nevertheless, every user should ensure that the smartwatch always has the latest firmware and also update the apps they use,” says Schrenk.
2. strong password and lock screen
As smartwatches contain personal data, the use of a strong password is crucial. Similar to other systems and access points, it should consist of a mixture of letters, numbers and special characters. Password protection on the lock screen further increases security.
3. conscious use of Bluetooth
Bluetooth is at the heart of most smartwatches. “I recommend that the Bluetooth connection of the smartwatch is not permanently activated and that it is deliberately deactivated when the smartwatch is not needed in order to reduce the risk of unauthorised access,” Schrenk gives a tip.
The activation lock also helps to block unauthorised connections. Incidentally, this function also prevents anyone from accessing the stored data if the smartwatch is stolen. Smartwatches from manufacturers such as Apple, Google and Samsung already use this function as standard.
4. check app authorisations
In addition to the necessary authorisations, many apps also allow access that is not even necessary for the function of the app and therefore jeopardise user data protection. A torch app, for example, does not need access to contact data and the microphone! A regular check of the app settings may reveal any unwanted changes.
5 Responsible handling of sensitive data
“Highly sensitive information, such as passwords or credit card details, have no place on the smartwatch and should not be stored there,” warns Schrenk. In principle, however, any unauthorised access should also be restricted by security functions such as biometric authentication.
6 Individualised access
To make potential attacks more difficult, not all IoT devices at home should be connected to the smartwatch. This is because cybercriminals can target smartwatches, filter out their Bluetooth connections to other devices and use them like a master key to access the devices at home.
7 VPN for public (WLAN) networks
Patrycja Schrenk recommends using a virtual private network connection (VPN) on the smartphone for those who use public networks or Wi-Fi in cafés or restaurants: “This also protects the smartwatch or the connection between the smartphone and smartwatch so that they cannot be compromised by criminals, who may then be able to read your surfing behaviour live, such as when you enter passwords.”
