The first phone with internet capability was released in 1993 by IBM and Bellsouth. Christened the Simon personal communicator phone, the device was designed primarily to allow for portable communication, with secondary purposes relating to the phone’s ability to connect to the web. At that time, the mobile nature of the device was perhaps as exciting as its features and uses. Now, nearly 25 years later, consumers have graduated from carrying their tech to actually wearing it. Though wearables are revolutionizing modern life, these internet-equipped accessories can pose significant security risks. Here are the three top tech security concerns about wearables and recommended solutions users can employ to protect themselves from malicious cyberattacks.
Data Is Not Encrypted
Wearable tech like smart watches, activity trackers and pulse trackers collect and store data locally. Many of these products make no attempt at encrypting the data or at restricting access to it. Since many of these devices do not ask users for authentification through a password, PIN or biometric security confirmation, anyone who has access to the device has immediate access to the data that device holds. Additionally, this private data is also susceptible to interception while in transit as it is synced with information to be stored on a service provider or manufacturer cloud servers. This risk is compounded if the user also employs a third-party app since some apps fail to enforce even fundamental security standards; this means the data they store or send is not encrypted either. Users may think that no one is interested in the information their Fitbits collect, but that is precisely the kind of data health insurance providers would love to view before agreeing to uphold a medical insurance policy.
Solution – For now, users are responsible for keeping their devices and information safe. However, with more awareness, device manufacturers might be pressured to strengthen security measures and increase data protection. By implementing the requirement of a unique password, as well as the encryption of communications and data storage, to gain access to the device data, privacy would experience an exponential improvement.
Connectivity Is Not Secure
One of the appeals of using a wearable device is the ease with which it can wirelessly connect to a tablet or smartphone via Wi-Fi or Bluetooth, but this convenience also represents a sizable weakness. A user may find it easier to just leave Bluetooth on at all times to allow for syncing to occur. However, a good number of these wireless communications are not prepared to deal with “brute-force” cyber attacks. Traditionally, hackers seek out and exploit software vulnerabilities to infiltrate a system, but a “brute-force” attack is an attack at multiple points of entry attempting to break into a system by applying a trial and error approach to cracking the login details.
Solution – To defend against brute force attacks on a mobile-device-to-wearable connection, users should confirm a connection to a network serving as few devices as possible.
Covert Collection of Data
Not all risks involve the user being exploited for information; the user is also a potential perpetrator of collecting data through the use of wearables. Devices like smartwatches and headgear allow the wearers to record audio, snap photos and film video without being detected. Since this tech is small and innocuous, abuse of these features would be virtually undetectable. Not only would credit card numbers and identification documents be at risk, but anyone with a wearable could monitor the actions and behaviors of anyone they please.
Solution – Companies will need to discuss limiting the capabilities of wearables and forbidding those that pose the highest threat. Businesses and venues may request that patrons disable specific features, or may restrict where wearables are permitted as the risk of monetary and identity theft increases with these capabilities. Proactive individuals may want to consider a service, like LifeLock, to help protect themselves from identity theft.
Twenty-five years ago, when the first mobile computer phone was unveiled, it is unlikely that the developers foresaw the evolution from mobile devices to wearable ones. Like all great innovations, the perks come with drawbacks, but being aware of the risks and planning ahead will mean that users can avoid being exploited and simply enjoy the advancements of technology.