Researchers based at the University of New Haven have demonstrated how a user’s personal information can be extracted from the Gear 2 Neo by Samsung and LG’s G Watch. From the Gear 2 Neo the researchers were able to extract email, messages, health and contacts data, none of which was encrypted on the smartwatch.
Director of the university’s Cyber Forensics Research and Education Group Ibrahim Baggili said that it wasn’t very difficult to obtain the data from these smartwatches, “but expertise and research was required.” Baggili plans to present the team’s findings along with co-authors Jeff Oduru, Frank Breitinger, Glenn McGee and Kyle Anthony at a digital forensics conference in August. They were able to extract data from the smartwatches by going through the watches’ files and locating traces of watch activity on the Android powered Samsung smartphone that they were linked to.
With smartwatches increasingly becoming popular one would think that the companies making them would take extra care to ensure that users’ data remained safe even if they were to lose their smartwatch. In a statement provided to CNET, Samsung said that it “takes consumer privacy and security very seriously and our products are designed with privacy in mind. If at any time we identify a potential vulnerability, we act promptly to investigate and resolve the issue.” Though Baggili has a few words of wisdom for people who wear smartwatches, he says don’t forget your smartwatch the next time you are taking a shower at the gym, your data is not as safe as you might think.