Kaspersky Lab this week extended its Google Android phone security software onto wristwatches.
The upgraded software notifies users about their phone security, and lets them respond from Android smartwatches. It also opens the door to discussion about the security of smartwatches.
Usefulness of the current extension remains to be seen. “It’s a question of getting alerts, perhaps, and finding out what’s going on in your system. It’s a way maybe of increasing the information you are getting from it,” said Kaspersky’s David Emm, an Oxford, U.K.-based security researcher.
Threats on Android phones, according to 2015 research by Hewlett-Packard, include traditional infections by viruses and spyware, as well as general types of insecure software. More recently, Kaspersky found an increase in aggressive advertising that can hijack your browser, open applications, and worse, Emm explained. In 2015, 17% of security vulnerabilities were designed for Android, he added.
One of the most significant smartphone threats happened on the Apple iPhone last fall, when attackers created a fake version of Apple’s Xcode and used it to create dangerous applications that appeared legitimate. These applications briefly made it past Apple security and into the App Store.
There’s not much Kaspersky can do about that because the company does not have an iPhone application. “The function from a consumer point of view is limited simply because we don’t have the access,” he said, referring to Apple’s limitations on opening its security closet.
Back to the Android version — what the application doesn’t do is protect your smartwatch itself. Given that smartwatches possess input, output, storage, operating systems, and network connections, the idea of targeted malware could be a matter of when, not if, smartwatch malware evolves.
“To my knowledge, we haven’t seen any threats which are targeting smartwatches,” Emm said.
He noted that when smartphone malware comes into being, it may be easiest to protect your wrist-worn device by observing it from your smartphone. “It may well be that we’re able to keep an eye on the device from the device it’s paired with,” he explained.
That would lead to a security tongue twister. Your phone watches your watch and your watch watches your phone.
But it’s no laughing matter. “The more ancillary threat we have, the bigger threat I think is going to come from people trying to capture data from those devices. The potential threat for a lot of this technology is great,” Emm continued.
Mario Serrafero, editor of the popular Android discussion forum XDA Developers, said it’s reasonable that Kaspersky’s update follows the overall smartwatch trend of extending your phone software, not trying to be independent. There’s not yet much data stored on watches to make them worth hacking, he noted.
Serrafero said he envisions smartwatch security taking a different route. “I can’t speak for what the future would hold, and there are other ways in which Wear can be used for malicious security breaches apart from data loss: a recent thesis proposed a way to use smartwatches sensor data to reconstruct hand motion and in turn decipher what a person is typing. If Android Wear security issues arise, I think those would be the kind of things hackers would aim to exploit, rather than stealing data.”
Kaspersky Internet Security for Android is available as a free update in Google Play. A premium edition, which comes with more features, is also available.