“Hacking” isn’t quite like the Hollywood films make it out to be, and it’s pretty unlikely that you, personally, will be targeted by one of the more advanced data-gathering methods. As always, you need to learn how to assess your personal risks (your “threat model”) and decide how far into the realm of personal security you need to go. Chances are, the most basic steps will be enough for your everyday security, with a few extra measures thrown in for data privacy from the corporations that handle your data.
Have there been major breaches of smartwatches already? A few, yes. But most were undertaken by “white hat” hackers, people looking for exploits that they could then bring to the attention of manufacturers in order to better secure the devices. The biggest data breaches with regard to smartwatches haven’t been with the devices themselves, yet, but with the companies that hold the data the watches gather.
Bluetooth
Bluetooth is a remarkable technology that allows you to pair your smartwatch to your other IoT devices. Unfortunately, this same connection method leaves all of your devices open to attack. Security features exist, but strong encryption is a must in order to safeguard your data. A smartwatch company should release information on the type of encryption used in its devices and offer some assurances as to that encryption’s soundness.
Scams
This is the one that most people fall prey to. “Phishing” is one form of this, where a user is tricked into entering personal information into a non-secure platform. This is often an unsecured or false application downloaded from the Internet. Other types of scams include phone calls with questions designed to steal important information about you, or emails with clickable links or downloadable attachments that give a bad actor access to your device.
Default passwords
Some devices come with factory-set default passwords in place. The problem is that these passwords can potentially be purchased, in bulk, from sources on the dark web. Your smartwatch manual should have information on how to change these and implement better security, or you can contact the company directly to ask how to do so. Lower-end devices might not make this easy, however, and should generally just be avoided in their default state.
Low-end smartwatches
A further look into low-end devices reveals a more dismal realm of security issues, especially when it comes to devices that should be the most secure of all: kids’ smartwatches. These smartwatches, marketed at children, often have far worse security flaws than those marketed to adults. When considering what sort of smartwatch to get your kid (assuming you believe they really require one at all), it’s best to either go for a customized secure operating system designed by the open-source community, or a smartwatch from a major company that’s made to conform to certain security standards.