Watch what you wear: The pitfalls of wearables security

Next story

A growing number of devices are capable of connecting to the internet to enhance our lives in some way – be it by linking us with people over vast distances or by simply supporting our everyday needs and wants.

To this end, apart from smartphones, no devices are more widespread than smartwatches and other wearable devices, as they can create more immersive data-tracking opportunities, as well as serving as powerful reminders of status and as fashion statements.

And while supporting provocative and powerful fashion statements should invite a lot of design-minded people to these devices, understanding the risks that come with using such a device must be understood by everyone.

As diverse as a fashionista’s wardrobe

Wearables can sport many forms and serve a variety of functions, from watches used to support the functions of our phones, to rings or fitness bands used to track our pulse or our oxygen levels, to glasses that can enhance our reality through artificial means.

In a way, these devices are just as diverse as a fashion model’s wardrobe, hence why it is no wonder that there has been such widespread adoption.

According to recent research, the wearable market is expected to grow even more, around 12.9% from 2023 to 2030, with the current market size already being 71.91 billion U.S. dollars.

With the best-selling products belonging to the categories of wrist-wear and eye- or headwear, one needs to be aware of the security risks from usage of such electronics.

And boy oh boy, if you thought that modern phones were vulnerable, wearable devices present even larger security risks, not only from a consumer perspective but also from a small and medium business or enterprise one.

Your personal health file – a free for all

A modern age requires modern risk assessment, which is the reason why people should be more aware of the troubles their devices might cause from a security perspective. The more people adopt wearable devices capable of connecting to the internet, the more cybercriminals will try to access personal information on or through them. After all, criminals are looking for platforms that provide scale.

There are countless individuals who enjoy running with the latest in sports watches and smartwatches, with year-over-year growth of 30%. The fact that these devices can track and report on their owners’ health metrics poses just one of several concerns. Previously, such health data was usually only relevant to the users or their doctors. Nowadays, that data can end up in the hands of third parties, who might sell the information or leverage it to create personalized adverts. In the worst-case scenario, a criminal might misuse that data to track a person’s location, habits and more with great accuracy.

Concurrently, having these device types also potentially connect to company networks can create unnecessary security risks for businesses, as these wearables often seek to share their online connections with their phone counterparts, creating a potential vector for a cyberattack.

Similarly, the same type of phishing, vishing or smishing attacks that spread throughout the digital world also present very real threats to our wearable watches since, very often, their functionalities now mirror those of a phone.

Further security concerns

To complement the above, many security experts warn that smartwatches, for instance, are very often lacking in their user authentication methods, not prompting users to create strong PINs or passwords to unlock their devices. And even if they do, these measures are often weak, as said devices do not provide the same set of processing power to provide complex authentication measures as phones do nowadays. Nonetheless, any password is better than no password.

Similarly, data storage is also a concern, with watches now sporting their own file drives and locally stored data often lacking encryption or worse, using cloud solutions to migrate said data, which could be rather easily compromised by a man in the middle (MITM) attack, for example. The same can be said for the Bluetooth connection between the watch and the phone, as simple sniffers are able to intercept data transfers from watch to phone or vice versa.

All is not lost


Thankfully, there are ways to make our use of wearables more secure. As with anything else, user error is the most common cause of successful attacks, so educating oneself on practical ways to mitigate this can go a long way.

Here are five simple steps:

  1. Regularly check for software and security updates on your watch.
  2. Review your app permissions.
  3. Create a PIN or a password access code.
  4. Be mindful of what you save on your device.
  5. Bear in mind some basic cybersecurity measures.

All in all, these five steps should provide some basic paths to improved security; however, caution is still advised when using any wearable device.

Android device users should prioritize the use of a mobile security app like ESET Mobile Security and remain vigilant when downloading apps from third-party developers, who often offer custom apps in the Google Play Store or even in app stores like Garmin or the Huawei AppGallery.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit ΕSET Hellas or follow us on Facebook, Twitter and LinkedIn.