New Study Shines Light on Smartwatch Hacking Vulnerability

In a recently presented study focused on evaluating the security of smartwatches, hackers were able swipe personal information ranging from emails and contact details to calendar events and health and fitness information.

Dr. Frank Breitinger, associate director of the University of New Haven Cyber Forensics Research and Education Group, lead a test group of "hackers" to test out 10 smartwatch models, including the Samsung Gear 2 Neo and the LG G Watch.

Get LifeLock protection now.

The experiment revealed that wearables are particularly vulnerable to cyber criminal attacks because of lack of encryption and an insecure user authentication system.

Specifically, hackers were able to obtain calendar events, contact details and pedometer date from the LG G watch, and they were able to compromise emails, messages and health and fitness information from the Samsung Gear 2 Neo.

Although smartwatches have yet to gain an overwhelming amount of traction in the wearables market, they are poised to grow, particularly as Apple's smartwatch piques user interest. According to market research firm Strategy Analytics and as noted in the Christian Post, wearable manufacturers such as Pebble, Motorola, LG and Samsung shipped 4.6 million smartwaches in 2014, but those figures are expected to reach 28.1 million in 2015.

The Christian Post article explains: "The study aims to inform users that their smartwatches do serve to store data, as well as other important information like bank account numbers and credit card numbers which can render it vulnerable to theft, just like mobile phones."

Dr. Breitinger, along with the study's co-authors, will present their findings in France later this month in a presentation titled, "What You Wear: Preliminary Forensic Analysis of Smartwatches."

This isn't the first time that the security risk of smartwatches has been revealed. In the past, Bitdefender researchers exposed that with some open-source tools, it's surprisingly easy to intercept communications between smartphones and smartwatches. In an experiment involving Bluetooth pairing with an Android device, the researchers found that since the Android Wear devices rely on a pin code of only six digits during initial Bluetooth pairing, an attacker could easily brute-force the number and begin reading conversations in plain text.

Another study, by HP Fortify, found that 100 percent of tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.

“Smartwatches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” Jason Schmitt, general manager, HP Security, Fortify, says in a press release. “As the adoption of smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.”

4 Million Members and Counting


"I almost lost my job because someone used my driver’s license and received 8 violations."
- Casey S.


"All of my personal information, even my social security card, was taken."- Jamie A.

It only takes minutes to sign up.

Start Your Membership