Cybersecurity

Why the Apple Watch has some security pros worried

Robert Galbraith | Reuters

Much like how cyber criminals are increasingly targeting mobile devices over PCs, it's a virtual certainty that as wearable devices go more mainstream they'll be targeted by hackers.

"Once people see the power of a new technology and they start adopting it, they'll start using it for things like payments, storing sensitive data, business communications and when people start doing that, now there's an incentive for attackers to go after the device," said Kevin Mahaffey, chief technology officer at the security firm Lookout.

Read MoreBiggest hacking threat to business? Wearables

Which leads us to the Apple Watch.

While the watch doesn't hit shelves until April 24, security researchers are already trying to figure out what vulnerabilities might exist. And while there's no way to identify risks until the watch is in hand, the reality is anytime a device becomes connected to the Internet there's the potential for problems.

"The more ways we make data more convenient, the more risk there is to access the data and access things without your knowledge," Mahaffey said. "Just like adding another door to your house, it's just adding another way for bad guys to get in." (Tweet This.)

For now, Apple's watch appears to be the most secure of the emerging smartwatch landscape, said Geoff Vaughan, a security consultant at Security Compass.

It's essentially like adding a second monitor to your iPhone, since it requires one to perform most functions, Vaughan said. Thus, it's limited functionality without the iPhone actually makes it more difficult to steal valuable information, he said.

"All of the data at rest will be on the mobile device, which is in contrast with other watches where almost everything is on the watch. Those certainly have a larger threat landscape," he said.

It's worth noting that the Apple Watch can still be used for Apple Pay without the iPhone, but there are security measures in place to help ensure the owner of the Watch is the only one using it.

Read More How to turn your Apple Watch into an office

For example, the Apple Watch comes with an opt-in PIN similar to those used on an iPhone which requires users to enter it in each time they use Apple Pay with their watch. It also requires a PIN to be entered anytime the watch is removed and put back on.

The potential weakness that concerns most security pros, however, is when data is communicated between the Watch and iPhone.

Apple's Watch, which supports both WiFi and Bluetooth, requires that the Bluetooth be turned on for the device to pair with the iPhone. While this technology is generally safe, there have been cases when the encrypted communication has been breached.

In December, the security firm Bitdefender demonstrated how Bluetooth communications between Android smartwatches and smartphones could be vulnerable to attacks that enabled the interception of messages.

And while it's too soon to tell if this can be hacked with the Apple Watch, it's certainly a possibility, Vaughan said.

"There may be implications of always having Bluetooth always enabled on your phone," Vaughan said. "People who are security-conscious could choose to turn Bluetooth of NFC or WiFi or anything off when they are worried about security in particular areas, but having the watch means you have to have Bluetooth on all the time. So what are the implications of that? It extends your exposure to potential attackers."

A spokesperson for Apple said the company declined to comment on rumors or speculation.