The requirements of Apple Pay have made Apple Watch one of the most secure smartwatches available.
The device came top in a comparison to the Samsung Gear 2 Neo, Motorola Mobility Moto 360 and the Shenzhen Qini U8 by MobileIron.
Particularly notable was the device’s passcode feature. This automatically activates a passcode requirement when the device is removed from the list.
Additionally only apps that have the WatchKit extension can have their app and data viewable on the smartwatch.
While the Samsung Gear 2 Neo offered passcode protection, MobileIron highlighted that this was not time-based but proximity-based, meaning that as long as the smartwatch is paired with the phone the protection is disabled.
The report also found that attackers could access data through the micro-USB connection interface when USB debugging is enabled, since no passcode or account password was required, unlike with smartphones.
MobileIron also claimed that current versions of the Moto 360, meanwhile, did not offer a passcode facility at all as they were not running the most recent update of Android Wear.
The worst device on the list was the U8, which MobileIron described as ‘high risk’. This required a pairing application to be linked to a smartphone, which was downloadable from an unknown IP address in China and not from the Google Play Store.
In addition, once the devices were paired, data synced to the device automatically, and the Smartwatch Helper app showed suspicious behaviours, such as the ability to retrieve information from the smartphone. There was no passcode facility.
Ben Wood, Chief of Research at CCS Insight, commented: "It shows that for enterprises and businesses they need to throw the net a lot wider in terms of the connected devices.
"For businesses that are managing mobile devices, including smartphones, tablets or wearables, you need to make sure you have the latest software version and ensure you download the apps from reputable app stores.
"The no-name brand Chinese device actually posed the greatest security risk."
Wood attributed Apple’s improved security protections to the demands of the device.
"We’re on a learning journey. Some of Apple’s implementations, such as the PIN code, are probably best practice.
"Apple have thought it through a bit more. It reflects the fact that Apple is always able to attract the best developers. There’s been more sensitivity to security aspects of the Apple Watch.
"This is because payment is so intrinsic to the device, with Apple Pay, so Apple would have thought a lot more about security."
However, Wood claims that the Android vendors are improving their performance.
"The report shows that the Android guys have taken notice and re-iterated in latest fixes. The leading manufacturers are making positive steps forwards."
While smartwatches have garnered more attention since the release of the Apple Watch, the device is still in early days.
"Today smartwatches are not [carrying much data] and often are only storing a subset of the data on the phone. That’s going to change. The data stored on the device and its capabilities will increase.
"With some Android Wear devices, you can actually use a wi-fi connection. Samsung Gear S is actually a mobile phone, with a SIM card.
"The greatest risk of these devices is companion software, if you buy a no-name smartwatch and download [the software] from a random website."
