As the “Internet of Things” (IoT) continues to expand to more and more devices that we use daily, taking steps to secure your privacy and personal safety likewise becomes increasingly vital. The good news is that you can take some basic and immediate steps to protect yourself from bad actors and corporate snooping. For a device like a smartwatch, which hosts a huge amount of very personal and sensitive information, it’s vital that you understand the risks and the ways to mitigate the potential problems that could arise.
Inherent problems with the IoT
The Internet of Things refers to the broadening availability of “smart” devices that can “talk” to one another in some way by sharing data. These are smart bulbs, toasters, your phone, a smart dishwasher, and (probably) your home security system. The list expands quickly, and includes a huge number of everyday objects people use. Unfortunately, due to a lack of uniform standards for the creation and maintenance of these devices, their design and security features are up in the air. Until an international standards body is created to handle IoT devices, smartwatch security is left to the company that produces it and the abilities of the end user (you and me).
Your private data
The more information about you that is collected, the more you are at risk for problems such as identity theft. With a wristwatch, a massive amount of your private information is collected constantly, and this can allow a bad actor to wreak all sorts of havoc in your life. Everything from your location, to financial information, to the contents of your calendar and your contacts list is usually handled by your watch.
The point isn’t to smash your new Apple Watch with a hammer, however; we can use these devices safely, but only if we understand how the device manufacturer handles our data and take a few personal steps to safeguard it even further.
“Hacking” isn’t quite like the Hollywood films make it out to be, and it’s pretty unlikely that you, personally, will be targeted for one of the more advanced data gathering methods. As always, you need to learn how to assess your personal risks (your “threat model”) and decide how far into the realm of personal security you need to go. Chances are, the most basic steps will be enough for your everyday security, with a few extra measures thrown in for data privacy from the corporations that handle your data.
Have there been major breaches of smartwatches already? A few, yes. But most were undertaken by “white hat” hackers, people looking for exploits that they could then bring to the attention of manufacturers in order to better secure the devices. The biggest data breaches with regard to smartwatches haven’t been with the devices themselves, yet, but with the companies that hold the data the watches gather.
Bluetooth is a remarkable technology that allows you to pair your smartwatch to your other IoT devices. Unfortunately, this same connection method leaves all of your devices open to attack. Security features exist, but strong encryption is a must in order to safeguard your data. A smartwatch company should release information on the type of encryption used in its devices and offer some assurances as to that encryption’s veracity.
This is the one that most people fall prey to. “Phishing” is one form of this, where a user is tricked into somehow entering personal information into a non-secure platform. This is often an unsecured or false application downloaded from the Internet. Other types of scams include phone calls with questions designed to steal important information about you, or emails with clickable links or downloadable attachments that give a bad actor access to your device.
Some devices come with factory-set default passwords in place. The problem is that these passwords can potentially be purchased, in bulk, from sources on the dark web. Your smartwatch manual should have information on how to change these and implement better security, or you can contact the company directly to inquire about how to change these. Lower-end devices might not make this easy, however, and should generally just be avoided in their default state.
A further look into low-end devices reveals a more dismal realm of security issues, especially when it comes to devices that should be the most secure of all: kids’ smartwatches. These smartwatches, marketed at children, often have far worse security flaws than those marketed to adults. When considering what sort of smartwatch to get your kid (assuming you believe they really require one at all), it’s best to either go for a customized secure operating system designed by the open-source community, or a smartwatch from a major company that’s made to conform to certain security standards.
Because there are no international standards governing IoT devices (yet), your mileage will vary on what features you can alter and what steps you can take to secure your device. However, in many cases, especially with well-known brands, the following are both possible and easy to accomplish.
Disable unauthorized pairing of your smartwatch. Devices from brands like Apple and Samsung have an activation lock feature that helps ensure that your smartwatch won’t connect to unauthorized Bluetooth signals.
Enable two-factor authentication if your device offers it. Anyone trying to connect to your device, or to access its settings, should find themselves up against this powerful security feature. If you’re looking at a watch which doesn’t offer this…look at a different watch.
Enable password protection on the watch itself, if offered. This might be biometric, a PIN or pattern, or a locational security feature that disables the watch if it is too far away from your smartphone.
Secure your connected devices
The biggest danger for smartwatch security is not the watch itself, but the device you’ve connected to the watch. Make sure that your smartphone is fully secured, therefore, to protect your smartwatch to the fullest.
Some simple tips are:
- Enable password protection and a lock screen.
- Enable two-factor authentication.
- Never download applications from an untrusted source. The Google and Apple stores are generally safer than the open Internet, but even apps on those platforms can harbor malicious features. F-Droid for Android is an app store for open-source apps that is also generally safe, though make sure to use all due caution there as well.
- Always check your phone for updates. Usually, these will happen automatically, but if they’re queuing up without being applied, you need to make sure to manually update as soon as possible. Updates will often come with important security fixes that will help protect your device.
Your smart home is a large area of potential risk, so don’t connect all of your IoT devices directly to your watch. There is a lot you can do to secure your smart home further, but for starters you want to connect your smartwatch only to devices you absolutely must control with it. Any device that is outdated or older should be removed from the home network or upgraded to a newer, more secure model. Make sure all of your IoT devices use unique, strong passwords that are different from whatever their default setting was!
Seek out a privacy-respecting alternative
Apple Watch is probably the best for overall smartwatch security, but only if you subscribe to the whole Apple ecosystem and its environmentally-degrading system of planned obsolescence. If you don’t want to use Apple products, or simply can’t afford them, where else can you look? Withings is one alternative, as their timepieces offer nearly all that Apple does, but with a far more stylish look. You still, however, run into the problem of having your data scoured up by a company.
If you want to avoid this, and still want a smartwatch with some cool features, there are some nifty alternatives available that concentrate on both security and privacy.
Securing your smartwatch will be a lot easier if your watch was made by a reputable company. Big name manufacturers like Apple will probably implement better security features, and Apple specifically has even tried to make a name for itself in the privacy and security spheres, offering you a more secure device out of the box.
Keep an eye on your devices for any sort of odd behavior. If your devices start acting strangely, they may have been compromised. Disconnecting compromised devices and seeking out professional security support will save you a lot of trouble.
Whenever possible, limit the permissions used by downloaded apps on your phone and smartwatch. The more permissions an application asks for, the more suspicious of it you should be. Make sure to only keep those apps on your device that you absolutely need and regularly use. You can always re-download apps that you only use infrequently!
Follow good security hygiene by using a powerful password manager to automatically generate strong randomized passwords for all of your needs. Never connect to unsecured and untrusted networks (like the Wi-Fi at your local coffee shop). Learn how to find and secure your network key. And never click on any links, or open any attachments that someone (even a friend) sends you, without being very sure that the source is trustworthy.
If you take these preventative steps, your overall security will rise dramatically, and the risk of your data being breached through your smartwatch will plummet.