Smart Watches: Latest tech trend carries security implications

  • Published
  • By Dave Smith
  • 21st Space Wing Public Affairs staff writer
PETERSON AIR FORCE BASE, Colo. --  It can connect with your phone, alert you to emails, receive text messages, notify you of appointments and even monitor your health. But that new stylish smartwatch could very well be a gateway to stealing your personal information or worse.

With more smartwatches going on the wrists of users all of the time, and many security vulnerabilities reported for them, it pays to take a close look at what precautions should be taken to assure privacy as well as operational security. Marketing data published by C/Net said 30 million smartwatches were sold in 2015 and predicts 50 and 66.7 million in 2016 and 2017 respectively.

"OPSEC applies to smartwatches the same that it does to smartphones," said Master Sgt. Darren Snider, 21st Space Wing operational security manager.

Smartwatches are essentially small computers without many of the security functions larger computers have. The same goes for smartphones and tablets. Vulnerabilities in smartwatches mirror those in these other devices to a large degree. Things like wireless connections, geolocation and storage of personal information are all areas of concern when considering security.

A July 2015 Smart Watch Security Study published by HP found 100 percent of popular smartwatches - including Apple, Samsung and Sony - contain severe vulnerabilities. The study also discovered all of the watches tested gathered some type of personally identifying information. When factored in with the lax security on the devices data is at significant risk for being stolen by hackers. While all are susceptible, one mobile operating system stands out.

"Android is the most hacked," said Victor Duckarmenn, 21st Space Wing Program Management Division quality assurance manager. "I get reports of patches and vulnerabilities daily."

Smartwatches, as well as fitness related devices, depend on pairing with mobile devices that pass information to them. Because of that connection the security of the gateway mobile device must also be considered, the study noted. That means that OPSEC policies for smartphones and tablets are applied to smartwatches as well, using the mobile device personal use policy. Like those other devices smartwatches are not allowed in Sensitive Compartmented Information Facilities.

Wireless connections are at the heart of smartwatch technology and that in itself is an OPSEC risk. WiFi, Bluetooth and cellular signals are all radio waves and less secure than other means of transferring data. Bluetooth exploitations are well documented and hacking devices through WiFi hotspots is common as well, leaving smartwatches vulnerable to various types of attacks.

Security and anti-virus firm Bitdefender showed that peripherals like smartwatches are not as secure as users might think. An engineer from the company hacked a smartwatch and the video was released on the Internet. People do not consider that personal data passed between these devices and smartphones or even heart monitors is easily captured by skilled hackers.

As the Internet of Things - a network of connected devices like refrigerators, cars, and home security systems - continues to grow, devices like smartwatches are used to control many aspects of daily life. But along with the added convenience are hackers given an avenue to take control of your property?

"There are also other possible dangers associated with various applications that may lend to hacking and adverse use of smartphone cameras and or video settings if a smartphone or smartwatch were hacked," Snider said.  "This presents an obvious threat to good operational security practices, especially when it comes to protection of unclassified critical information."

Geolocation is another concern for smartwatches because many wearers do not realize it is taking place. Many applications, such as those that track running routes or social media, can reveal a person's location. Settings in various apps using location services do the same thing, commonly embedding locations in photos.

"(Smartwatches) can geo-locate  your location as well as learn your everyday habits like what time you leave for work, route you take to work, etc.," Snider said. "An adversary, be it criminal or terrorist, that has the capability could possibly find your location and other routine, private information and use it against you or your family, your unit or mission."

There are some questions about whether hackers would put the effort into hacking a random person. Identity thieves have shown they are willing to gain personal information from any number of sources. But, Duckarmenn said, being a member of the military, especially those with sensitive jobs, could put a target on their back.

The best approach to being safe and secure using a smartwatch is to be aware and to be vigilant about what is going on with personal devices and use proven OPSEC practices.

 

United States Space Force logo

Official United States Space Force Website