Smartwatches and QR codes are already used by all kinds of users on a daily basis, so it is worth reflecting on the dangers to privacy and personal data, as they are a gateway for cybercriminals to sensitive information, such as bank accounts or credit cards.
Fraudulent activities that can be carried out on QRs
QR, or Quick Response codes, similar to barcodes, have been around since the middle of the last century but their use was boosted by COVID-19. They have gone from being a tool for labelling goods to providing services in multiple spaces such as airports, concerts, theatres or restaurants. However, their massive use brings cybercrime with it.
The National Institute of Cybersecurity (INCIBE) identifies the risks to which a user can be exposed after scanning a Quick Response code. Phishing, the strategy that attempts to get hold of personal or bank details or directly extracts money, is the most common. Malware or malicious code injection can also be carried out to insert a virus into the device, as can QRLjacking, or WhatsApp login hijacking.
To prevent cyber fraud when using smartwatches and QR tags, users should pay attention to the codes they scan. According to the National Police, one of the contexts in which special care must be taken is when the code appears to have been pasted onto a poster as an addition: for example, an advertisement for a well-known brand where the only item that stands out from the poster is the label. Being wary of advertisements, prizes, gifts, sweepstakes, etc., is crucial to avoid the malicious intentions of cyberattackers.
How to prevent cyberfraud with smartwatches
The Office for Internet Security (OSI) provides a series of good practices to prevent computer fraud when using QR codes. It is not a question of giving up this kind of convenient and useful technology, but of learning to make rational use of it. For this reason, before scanning any code, the first step is to look at the landing page. If the code directs to an application download and eventually ends up in a paid SMS service, do not click on any links. Finally, the user should consider whether the application could detect security flaws in the mobile phone in order to steal information.
Now that we know the dangers, it is time to take a closer look at the main recommendations. For example, only scan codes from trusted brands located in a real and natural environment, and ensure that the address uses a secure browsing protocol; it should generally start with HTTPS.
It is preferable to avoid scanning codes located in random streets, shopping centres with massive flows of people or public transport, and to check that the code is not a sticker covering the original one. And, as always, use common sense and never provide any private information, such as passwords or usernames.
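The checks described above (HTTPS on the landing page, an application download, a paid SMS service) can be run on the text a scanner decodes before anything is opened. The following is an added example, not code from OSI or INCIBE; the function name, the list of file extensions and the sample payloads are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Payload prefixes that make the phone compose a text message (the
# "paid SMS service" case). "sms:" is the RFC 5724 URI scheme and
# "SMSTO:" is a prefix commonly used in QR payloads.
SMS_SCHEMES = {"sms", "smsto"}
# Extensions treated here as a direct app download (assumed list).
APP_EXTENSIONS = (".apk", ".ipa")


def triage_qr_payload(payload):
    """Return warnings for a decoded QR payload; an empty list means no flag."""
    text = payload.strip()
    # Read the scheme by hand so "SMSTO:number:text" is handled as well.
    scheme = text.partition(":")[0].lower() if ":" in text else ""

    if scheme in SMS_SCHEMES:
        return ["opens an SMS draft: possible paid SMS service"]
    if scheme not in ("http", "https"):
        return ["not a web link (scheme: %s)" % (scheme or "none")]

    warnings = []
    if scheme == "http":
        warnings.append("landing page does not use HTTPS")
    # Look only at the path, so a query string cannot hide the extension.
    if urlsplit(text).path.lower().endswith(APP_EXTENSIONS):
        warnings.append("links directly to an app download")
    return warnings


# Constructed sample payloads (not taken from real QR codes).
SAMPLES = [
    "https://brand.example/menu",
    "http://promo.example/prize/app.APK?id=1",
    "SMSTO:+3400000000:ALTA",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample) or "no warnings")
```

An empty result only means none of these three checks fired; an HTTPS address can still be a phishing page, so the brand and the physical placement of the code still need to be checked.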
Security risks of smartwatches
Smartwatches are just one of many devices contributing to the Internet of Things (IoT), and as the market continues to grow, these devices are becoming more advanced in their capabilities and more vulnerable to attack by cybercriminals. Most concerns about the privacy of these gadgets are based on the dangers of connected technology and the lack of regulation on cybersecurity standards.
Are data on smartwatches vulnerable? These devices collect a lot of personal information, which attackers can use to hijack a digital identity. However, this is not a reason for discarding them; it calls for proper data management.
Like smartphones, smartwatches have security weaknesses. A first example is phishing, as is the case with QRs. In this case, the fraud occurs by downloading a fraudulent application, and after entering any personal information into it, hackers steal vital user data and credentials.
Then there is Bluetooth Low Energy with vulnerabilities in its data encryption and accelerometer, which can be hacked to reveal passwords and credit card numbers.
Tips for protecting the data on your smartwatch
Due to the lack of data protection, the user should proceed with caution when handling smartwatches. You can start to limit the risk by using the privacy features of watches. It is advisable to block unauthorised pairing via the activation block version.
Moreover, to prevent cyberfraud when using smartwatches, it is highly advisable to use two-step authentication, first the tracking confirmation and then the authorisation on a second device to keep out unwanted users. Password protection on the lock screen is another obstacle for cyberattackers.
Some smartwatches may offer several types of protection; if so, the consumer should make sure to activate as many as possible. These may include:
- PIN or unlock pattern for use.
- Complete blocking if the synched device is far away.
- Detection of “blocking on deactivation”.
Protecting your synched smartphone is just as important as protecting your watch. Therefore, unofficial applications should never be downloaded and unauthorised modifications to the device are not recommended. The smartphone’s operating system should always be kept up to date.