Cybersecurity for Smartwatches — 2024 Review

I revisited my paper on Cybersecurity for Smartwatches to compare its findings against 2024 advancements and challenges — Here’s what I found 👇

✅ New Research: Robust encryption like ECC remains vital, while side-channel and replay attack risks persist. Secure Simple Pairing (SSP) shows progress yet requires stronger session validation.
✅ Regulations: Updates such as EU Digital Services Act (DSA) and CCPA promote transparency and accountability, but children’s devices remain unregulated, leaving security gaps.
✅ Technical Advancements: TLS 1.3 strengthens GPS/fitness data security. Biometric authentication like ECG/PPG reduces reliance on weak PINs. Secure firmware updates tackle unauthorized changes, and Bluetooth 5.3 mitigates spoofing and man-in-the-middle attacks, though legacy devices lag.

Remaining Challenges:
❗Children’s Smartwatches: Weak encryption, default passwords, and insecure APIs leave kids exposed to stalking and data breaches.
❗Privacy: Excessive data collection and third-party sharing persist despite regulatory gains.
❗IoT Risks: Interconnected devices expand attack surfaces, enabling malware to exploit shared networks.
❗AI Threats: AI-driven malware increasingly targets APIs, bypassing authentication and exploiting machine learning models.