Smartwatches have poor security features, study unveils

If someone were to steal your smartwatch, he or she would get loads of data about you, new study finds.

According to a study by Trend Micro, in partnership with First Base Technologies, security features on some of the market’s most popular smartwatches are poor.

The study looked at physical protection, data connections and information stored on the device, and has tested Android-based devices Motorola 360, LG G Watch, Sony Smartwatch, Samsung Gear Live and the Asus Zen Watch; as well as the Apple Watch and the Pebble wearable – which run on their own operating systems.

All devices were upgraded with the latest OS version at the time of testing and paired to the iPhone 5, Motorola X and Nexus 5.

All devices had poor physical protection, the study suggests, saying there was no password authentication or other means being enabled by default. That means if someone was to steal your device, he or she would have access to a significant amount of data.

All devices apart from Apple Watch, failed to contain a timeout function, meaning that passwords had to be activated by manually clicking a button.

Despite having better security features than its Android or Pebble rivals, the Apple Watch contained the largest volume of sensitive data.

All of the tested smartwatches saved local copies of data, which could be accessed through the watch interface when taken out of range of the paired smartphone. This means that anyone who compromised the wearable would have access to this data.

All of the devices stored unread notifications, except the Pebble, as well as fitness and calendar data. The Apple Watch stored the most data of all, with images, contacts, calendars and passbook data, which can store information such as plane tickets, all being stored locally.

The Apple Watch was the sole wearable which allowed a wipe of the device after a set number of failed login attempts; leaving the other devices open to brute force attacks.

The trusted devices feature on Android, which removes the need for a smartphone password when in proximity to a verified device, means anyone with both a smartphone and smartwatch could potentially have unrestricted access to both devices.