It’s thanks to Near Field Communication (NFC) technology that we’re able to make contactless payments using our smartphones or wearable technologies like smart watches, as well as for asset tracking and access control purposes. Although NFC technology is being harnessed in industrial, smart home automation and automotive use cases, for example, it is perhaps best understood by the everyday consumer as the technology that facilitates contactless payments.
The history of wearable technologies can be traced back to the early 2000s, where technologies like the Bluetooth headset was released by Nokia in 2002, and the Fitbit classic came out in 2008, understood as an early blueprint for smart, fitness tracking technology today, as it contained features such as step tracking, the distance travelled and calories burned by the user.
The rise in the use of wearable technologies, its versatility and that ever-attractive characteristic, convenience, has simultaneously led to a rise in concerns over the security of paying with these devices. It begs the question: Does paying with a smartwatch pose a security risk?
Researching this point can sometimes bring up research exposing the risks and warning against ownership of a smartwatch, with phrases such as “goldmine for hackers” and “not a smart decision” deployed in the conversation. The reality is less extreme – the risks are apparent, but so are the risks apparent for using a smartphone, or accessing the Internet on your laptop. Risks will always exist, and therefore it’s important to understand and recognise these risks in order to understand how to shield against them.
Risks posed by a smartwatch
The potential security risks posed by smart watches include data theft; device compromise; phishing; and malware and exploitation. Bluetooth Low Energy (LE) is the primary communication method for smartwatches and as a result, can be susceptible to exploitation. As an example, a malicious intervention while devices are being paired could mean attackers can eavesdrop on the pairing and authentication process.
A 2018 study conducted by Kapersky concluded that a hacker is capable of spying on a smartwatch user, in effect, by gaining access to their data that can indicate whether they are walking or sitting through accelerometer patterns that fitness trackers themselves use for differentiating between walking or cycling movements, for example. It also came to the conclusion that uploading accelerometer readings is battery-intensive, and that a user could ascertain if they had been hacked by monitoring Internet traffic and the battery life of their smartwatch.
This isn’t to suggest complacency is the way forward, however. A hacker is still capable of gaining access to a user’s smartwatch and collecting private, sensitive data, as evidenced by the 2018 study carried out by Kapersky. The focus, therefore, needs to be on encouraging best practices and awareness.
Safeguarding against risks
Existing safeguards like biometric authentication – using a fingerprint or facial recognition unique to the user – tokenisation to guard against data theft, limiting the sensitive information available directly on the device and remote wipe functionality are all cognisant of the risk that smart wearables pose, however in some cases stressing the importance of consumer best practices can go a long way in avoiding worst-case scenarios where sensitive data is stolen, or Bluetooth connectivity facilitating communication between a smartwatch and a smartphone is exploited.
These best practices include keeping software up to date; using strong passwords with two-factor authentication; avoiding public Wi-Fi for payments; and monitoring transactions regularly for any signs of suspicious activity can have a significant impact in the grand scheme of things.
Smart watch payments are unlikely to disappear any time soon. There will be an expectation from consumers for the wearable technology they use in their day-to-day lives to be up-to-date with security measures. The speed, ease of use and convenience they bring to contactless payments in particular has been a big draw to attracting users to the technology, who will continue to use it for tasks such as contactless payments.
Conclusion
The risks to a smartwatch remain. Encouraging consumer vigilance and best practices as well as reminding manufacturers of the importance of instilling security by design will help to mitigate the risks posed by using a smart watch for your transactions. It also avoids the recommendation to ditch smartwatches altogether – as smart wearable technology, arguably, is here to stay.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.