Potential Security Threats to Wearable Technology

• 20 February 2017
• by: Hailey Carlson
• in: Cybersecurity
• note: no comments

The first computer, known as Electronic Numerical Integrator and Computer (ENIAC), was made over the course of three years, took up over 1,800 square feet, and weighed nearly 50 tons. Since then, computers have gotten smaller and more innovative, first to fit our desks, then our laps, our pockets, and now, we can wear computing devices on our bodies.

These devices, known as wearable technology, can be divided into five major categories: smart headgear, smart watches, fitness trackers, wearable medical devices, and smart clothing/accessories. As you can tell by the categories, these devices range from vanity gadgets, like Google Glass, to health-related devices, such as the ZIO wireless patch (which wirelessly tracks cardiac arrhythmia) and fitness trackers like Fitbit which help you manage your health.

The market for wearable technology is expected to grow to be worth over $34 billion with 411 million smart wearable devices sold by 2020, with the majority of the devices being comprised of smart watches and fitness trackers. With such a high amount of anticipated growth, there are also many factors that need to be considered, primarily the potential vulnerabilities that these devices can pose to their users.

Potential Vulnerabilities

Insecure Wireless Connections

Wearable devices often offer the ability to connect us even further by linking to our smartphones, laptops, and tablets via Bluetooth, Wi-Fi, and other connections. While this allows us to do things like track our food intake in tandem with exercise on fitness trackers and related tracking apps, it also creates another potential point of entry for hackers to gain access to our information.

Lack of Encryption

Like other Internet of Things (IoT) devices, wearable technology relies heavily on cloud-based computing. While ‘the cloud’ has become a buzz word, it is not a very secure space. Data being stored on manufacturer’s or service provider’s cloud servers is highly vulnerable because of a lack of encryption by service providers. This lack of security allows for hackers to have easier access to sensitive data stored in these devices’ clouds. Some third-party apps, which connect to these wearable devices, neglect basic security standards and hold onto information that is not encrypted. The kind of data that’s automatically being collected and stored by wearable devices is very valuable to hackers trying to steal sensitive information.

Nonexistent Regulations

Manufacturers will have to address the many security issues surrounding wearable devices — whether they choose to self-regulate or be bound by government regulations, a decision needs to be made in order to protect individuals and businesses from attack. These IoT devices need to be secured before being brought into businesses in order to protect the company’s network. Regulations could potentially shift the responsibility for any subsequent breaches or attacks that occur from the manufacturers of these devices to the company’s who fail to secure their networks.

Sensitive Data Exposure

Devices like fitness trackers, smart watches, and VR headsets contain a plethora of information about their users. On a smart watch, for example, users have the ability to receive text and email alerts, and even conduct online banking activity as well. When users use these devices, which are lacking in regulations and lacking in encryption, they could potentially be exposing any of the sensitive data accessed on these devices, including login credentials, banking information, Social Security numbers, and much more. Because of the potential severity of a malicious actor accessing this data, it is important for individuals and businesses alike to look at how they can secure these devices.

Secure your Devices

We can now all pretend to be David Hasselhoff in Knight Rider with spy-like smart watches, or submerse ourselves in virtual worlds with VR headsets, and while these are great technological advancements, it is essential that these devices are protected. Fitness bands or smart watches that monitor and capture information about things such as your movement using GPS or your personal information like logins and passwords can provide a malicious actor with details about our daily routines and current location or allow them access to your private accounts. While this can be a scary thought, there are steps that can be taken in order to protect you from these, and other, vulnerabilities.

• Remote erase feature– If your business allows wearable technology, employees should be encouraged to enable the ability to remotely erase data from and/or disable their device if it is ever lost or stolen. This is similar to the ‘Find my iPhone’ feature on Apple smartphones, and it is a feature that wearable device manufacturers should really consider implementing in the future production of devices in order to protect their users.
• Increased regulation– As mentioned before, whether it is among the manufacturers or by government intervention, regulations are necessary in order to keep a certain high-quality standard for these devices’ integral cybersecurity upon their creation.
• Custom security levels– By allowing users the ability to choose their own level of security, this gives them responsibility over their own safeness. Users seldom consider security when wearing their devices, so defaulting to the least secure settings opens a vulnerability for hackers to exploit; however, if users are prompted to look directly at their own level of cybersecurity for the massive amounts of data stored on these devices, they are likely to decide to better protect themselves.
• Encryption of data– If a hacker was tricky enough to actually gain access to your wearable technology device, having that data encrypted makes it that much harder for him/her to gain access to the sensitive information stored on it. Though there is currently a lack of encryption when it comes to these devices, Bluetooth encrypting and the encryption of valuable data will aid users in enhancing their overall cybersecurity.
• Physical protection of devices– A small Apple watch is much easier for someone to steal from you while you walk down the street than it would have ever been to steal ENIAC back in the ’40s. Like many IoT devices today, a major concern is that a passerby might grab your device out of your pocket when you’re not looking. By storing your devices in safe places and passcode locking them, you can make it harder for physical criminals to take your data or access it if they do. As mentioned above, if this were to occur, newer wearable technology oftentimes comes with a remote erase feature in order to save your data.

Hailey R. Carlson | Axiom Cyber Solutions | 02/20/2017