How to Protect Your Smartwatch from Hacking and Malware

MakeUseOf

Many of us do what we can to protect our computers from cybercrime, but we often don't realize that our smartphones and smartwatches are also at risk. While smartwatches are more of an accessory to our main devices, they can still be exploited by malicious actors. So, how easy is it to hack a smartwatch, and what can you do to protect yourself?

Why Hack a Smartwatch?

Smartwatches can store a lot of different kinds of data, some of it highly sensitive. Phone numbers, email addresses, login credentials, and payment information can all be stored on a smartwatch, which a hacker could do a lot with if successfully stolen.

There may not be as much data stored on a smartwatch as there would be on a computer or smartphone, but this doesn't mean there isn't anything worth pursuing for malicious actors. Even a single phone number or set of login credentials can give a hacker a lot to work with, so don't assume that just because your smartwatch is an accessory doesn't mean it isn't sought after by attackers.

Smartwatches are almost always connected to a smartphone, and this direct link also makes them targets for hackers. Because a cybercriminal can intercept the information being exchanged between a smartphone and smartwatch, it's easy to understand why a smartwatch could be a target.

How Are Smartwatches Hacked?

Smartwatches can be considered little computers in and of themselves. With your smartwatch, you can connect to the internet, use Bluetooth and NFC, make calls, and send texts. So, there are evidently many wireless communication vectors supported by most smartwatches.

Because of this, smartwatches are exposed to remote attacks. There are so many forms of remote attacks that listing them all would take a long time, but there are a few key attacks that smartwatches are particularly exposed to.

Phishing is a type of cybercrime that exploits various kinds of communication channels, including email, SMS, and social media DMs. Phishing attacks involve the impersonation of an official individual or organization in order to spread malware or steal data. If you receive a phishing email and open it on your smartwatch, you could be at risk of exploitation.

Say, for example, you open a phishing email attachment on your smartwatch and unknowingly deploy malware onto your device. Once this malware is installed and active, it could possibly log your activity, steal your data, and even track your location. Even ransomware, a highly dangerous form of malware, has been known to infect smartwatches, and phishing emails could be used to deploy such harmful programs.

Additionally, smartwatches' use of Bluetooth poses a risk. Bluetooth is a short-range wireless connection technology that many use to pair to other devices, like wireless headphones and speakers. In the case of smartwatches, Bluetooth can be used to connect to your smartphone, so that you can make and receive calls, use apps, and access more features in general.

However, when Bluetooth is used to connect your smartphone and smartwatch, a channel opens for exploitation. A cybercriminal could compromise your connection, and then eavesdrop on the data being sent between both devices.

Cybercriminals can also use factory default passwords to access smartwatches. A default password is given to Internet of Things (IoT) devices during manufacture. If a cybercriminal is able to find your factory default password, they could access your smartwatch via its backend. While you can change this password, it is typically quite difficult to do, and many do not bother, which leaves open a useful exploit channel for hackers.

How to Keep Your Smartwatch Safe from Hackers

If you're concerned about your smartwatch posing a security risk, there are things you can do to keep it safe from hackers, starting with the connections you make.

As previously discussed, there are various communication channels that a smartwatch can use, including Wi-Fi, Bluetooth, and NFC. All of these can potentially be exploited by attackers, so it's wise to only keep active the connections you need. For example, if you don't need your NFC on a given day, disable it until it is required again.

Additionally, try not to connect your smartwatch to too many devices at once, as this can also expose you to malicious attacks. If a cybercriminal successfully hacks your smartphone, for instance, they may then be able to gain access to your smartwatch.

Connecting your smartwatch to a public Wi-Fi network can also make you an easy target for hackers. This is a general rule for all devices, including laptops, tablets, and smartphones. If you're not using a protective protocol, such as a Virtual Private Network (VPN), connecting to a public Wi-Fi network puts you at risk of having your data stolen or activity tracked by cybercriminals.

Updating your smartwatch's software, particularly its operating system, can play a crucial role in elevating security, too. Software updates provide many benefits, one of which being the removal of bugs and vulnerabilities that can pose security risks. While it can be a little inconvenient to wait for a software update to finish, they are nonetheless important, so try to run them as frequently as possible.

You should also physically protect your smartwatch from attacks. Malware can be installed directly onto a smartwatch if someone gets access to it, so it's important to equip your smartwatch with a strong password so that it can't be gotten into easily.

Lastly, it's important to opt for legitimate and trusted smartwatch manufacturers so that you know you're not being left without any security measures on your device. Cheaper smartphone brands can sometimes skimp out on certain features, including security protocols, to offer their devices at a low price point. While this isn't always the case, it's usually safer to go with the well-reviewed and well-established name.

Smartwatches' Wireless Capabilities Make Them a Valuable Target

The many ways in which smartphones can connect to other devices, access online platforms, and communicate over long and short distances undoubtedly solidifies them as a viable option for cybercriminals. If you own a smartwatch and are concerned about cyberattacks, use the tips above to better protect your device and the data stored on it.

8 essential tips for protecting your phone from hackers

For many of us, our smartphones are our lifelines. We use them for personal and professional purposes: to join Zoom calls, to scroll through social media, to manage our money and to communicate with friends and family.

It can be easy to forget that these devices hold or connect to a lot of sensitive personal information and that they can be easily hacked if we're not careful.

Fortunately, there are steps you can take to secure your smartphone from hackers as well as habits you can avoid that would otherwise put your data at risk.

Choose your apps carefully and monitor continuously

Charles Edge, a security expert and software developer, suggests running only apps that are available from the Google Play Store or Apple App Store or another truly trusted source.

These apps have to meet certain security standards set by the store and are also scanned for malware. Do your research when downloading a lesser-known app, even from an official app store, to ensure that the developer is reputable.

Once you've downloaded an app, limit its access to other information on your device, including your location, contacts and photos. Apps may request limited or permanent access to other services multiple times and this access may violate your privacy if the app itself is ever compromised.

"Don't get click fatigue and start just tapping to grant access," Edge says. "And if an app asks for a resource that seems way out of bounds of what it should have access to, not only say no, but open a ticket with the App Store for your platform."

If you haven't audited your apps in a while, take some time to clean up your device. Delete apps you no longer use and revoke app permissions that are no longer needed.

Strengthen your security settings

Always protect your phone, and any apps that access sensitive personal information, with a passcode, a strong password or, if possible, biometric-authentication mechanisms like Touch ID or Face ID.

You should also enable two-factor authentication (2FA) on services that make it available and have the second factor delivered to a different device. This way your physical phone has an additional layer of security if it is ever lost or stolen.

Remember to turn off AirDrop and Bluetooth when you're in public, at least when you're not actively using them. Bluetooth leaves your device vulnerable to a number of malicious attacks, even from pretty far away. Even if your phone isn't hacked via Bluetooth, it leaves you open to AirDrop crossfire.

Enable auto updates

One of the simplest steps you can take to protect your phone from hackers is to turn on automatic updates for both your apps and your operating system. Updates are how security flaws get patched and allowing these to happen automatically ensures you won't leave your device unprotected for any length of time.

If your mobile OS is weak, it doesn't matter what else you use to secure your phone everything is vulnerable to attacks.

A virtual public network (VPN) can add another layer of privacy for your data, especially if you frequently use public Wi-Fi networks. The best VPNs encrypt your information to ensure that your location and browning history remain encrypted. Essentially, a VPN will render your data unreadable by anyone who intercepts it on the open Wi-Fi network.

Another option is to download a mobile security or antivirus app. These apps detect malware, deter theft, and may even offer data backup, device tracking or VPNs of their own.

Android devices come with Google Play Protect, a built-in malware scanner for your apps, although third-party Android antivirus apps are better. You can manage security options in your device's Settings app under Security.

What not to do

While preventive measures are important, there are also a few bad digital-hygiene habits that put your phone at risk.

Don't give people your phone number

First, stop handing out your phone number unless it's absolutely necessary. A phone number may seem innocuous, but it's often used as a form of ID, and it's where temporary 2FA codes are usually sent.

Hackers who learn your mobile phone number can use SMS to send you malware or phishing links that prompt you to compromise your personal data, and can also try to steal the number from you by having it transferred to another phone.

Don't download random files or apps

Don't download anything sent to your phone via SMS or email without carefully vetting the source first, even if the message seems to come from someone you know. And if the contact is unknown or if the message demands you take urgent action don't answer or click any links.

"When in doubt, don't respond," says Chandler Givens, a privacy expert at antivirus firm Avast. "Just as with email, mobile requests for personal data or immediate action are almost always scams."

Don't jailbreak or root your phone

You should also avoid jailbreaking or rooting your device, which may compromise any security built into your OS or apps.

"Once jailbroken, all the safety wheels are off," Edge says. "The basic protections Apple assumes when creating API endpoints are gone and apps can pretty much do whatever they want."

Don't use public Wi-Fi

Finally, try to avoid using public Wi-Fi networks, which are a prime place for hackers to gain access to your mobile device. Use your cellular data plan instead. If you have to hop on an unsecured network, such as when traveling overseas, make sure your VPN is enabled.

Indications that your phone has been compromised include overheating and diminished battery life. To see if any apps are using an unusual amount of power on your Android device, go to Settings > Battery > More > Battery Usage. In iOS, head to Settings > Battery.

Tom's Guide created this content as part of a paid partnership with Bitdefender. The contents of this article are entirely independent and solely reflect the editorial opinion of Tom's Guide.