Smart watches, which are gaining popularity among Russians, are among the Internet of things (IoT) devices, which means that by hacking them, an attacker can get confidential user information, listen to their conversations and track their movement, said Ilyas Kireev, a leading promotion Manager at Crosstech Solutions Group.
According to him, the main problem of IoT devices is weak security mechanisms. The small product lifecycle means that there are no regular security updates and the device may have dangerous vulnerabilities.
"Vulnerabilities in IoT devices create favorable conditions for hackers to create large-scale botnets like Mirai and the most powerful DDoS attacks on the Internet," said he.
"Data can leak both via the Internet and via Bluetooth. Critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gain full control over the device's system, as well as carry out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data," added Mr. Kireev.
"An attacker can find out the PIN code from your card, passwords, your daily routine, and much more, which will give them full control over all your operations. For example, if a smart watch manufacturer uses centralized systems for storing and processing data, then one attack is enough to get all the data of customers," warned the expert.
According to Mr. Kireev, to protect yourself and your loved ones, you need to constantly update the software, not enter the CVV of bank cards and control the information transmitted.
It is interesting to note that lawmakers around the world have long expressed their concerns about the fact that smart watches can act as a spy that is always on the wrist. So, the German Federal Network Agency, which regulates the telecom industry, introduced a ban on the sale of smartwatches for children back in 2017. The agency said that devices with a built-in tracking function violate German law.