Wearable devices are increasing in popularity all over the world. Smart watches, fitness trackers, wearable cameras, smart clothing, medical devices – any electronic gadget that can be worn and is connected to the internet can basically be classified as a wearable.
Fueled by the evolution of the Internet of Things (IoT) technology and the growth of Internet speed and mobile data, more and more people and businesses alike are choosing to integrate wearables into their lives. In fact, this market is expected to surpass $51 billion by 2022, according to Market Research Engine. Key players such as Apple, Xiaomi, Fitbit, and Samsung are competing to launch the most revolutionary products.
Even though the progress in this industry is remarkable, the security features of wearables are simply not keeping up with their evolution. This issue raises concerns around users’ privacy and safety and increases the chances of cyber-attacks.
Did you know that your wearable device can be yet another point of entry for cybercriminals to break into your digital life, harvest all your personal data, and steal your identity? Or worse, wearable medical devices can even pose threats to your life.
What are the security concerns of wearables?
Consumers don’t typically think about cybersecurity by default and sadly, many of them are still living with the “it won’t happen to me” mindset or think they are not important enough to be targeted by cybercriminals. But people’s naivety coupled with poor security practices employed by manufacturers can be the perfect recipes for cyber disasters.
So, here are a few ways in which your security and privacy can be threatened by wearables.
- Poor authentication methods
One of the main security issues of wearables revolves around authentication. Some wearables on the market don’t have any log-in methods in place at all, which is the worst cybersecurity practice. But even when authentication is available, there are users who simply ignore it.
How many people would leave the entrance to their home permanently unlocked? It’s safe to say that almost none. They know burglars could break into their house and they wouldn’t want to risk losing their goods and money. Yet surprisingly, studies have shown that more than half of people don’t use passwords to protect their mobile devices. So most probably, the same pool of people won’t take the elementary step of using an authentication method for their wearables either.
Ideally, wearable gadgets should be protected by passwords and two-factor and/or biometric authentication for increased security.
- Lack of encryption
A mind-blowing amount of data is collected by wearables. But is it safely stored and transferred?
Another important aspect that concerns the security of wearables is encryption. As of today, there are still some third-party apps installed on devices which transmit or store data that’s not encrypted. A recent report has shown that over 90% of IoT device transactions on corporate networks were unencrypted. That means data can be read in plain text without it being turned into code to prevent unauthorized access. I know, it’s hard to believe that someone could leave data out in the open just like that. The lack of encryption could leave devices vulnerable to cyber threats, such as man-in-the-middle attacks or malware infections.
- Insecure connectivity
Wearables can be connected to other devices like smartphones, laptops, or tablets via Bluetooth or Wi-Fi. Of course, this practice is aimed at creating a seamless customer experience across gadgets. But although the manufacturers’ intentions are good, this practice can lead to additional security holes and even more potential ways for malicious actors to break in.
For instance, when syncing wearables with other gadgets you should be asked to enter a PIN or password to pair them, but unfortunately, this isn’t always the case.
- Patching issues
Software updates are vital when it comes to security since they address critical vulnerabilities that can be fixed before hackers get the chance to exploit them.
But how many wearable manufacturers do actually provide them? Or even if they do offer patches, they are generally unrelated to cybersecurity, and rather aimed at improving the overall user experience.
Ideally, patches should be automatically applied and must also include security updates. But if you have to download and install them yourself, don’t postpone the process and apply them as soon as they are released.
- Data collection
For instance, think fitness trackers. These devices record and store our most sensitive data. In fact, 63% of people believe IoT devices are ‘creepy’ in the way they collect data about people and their behavior.
Some even argue that your medical records are worth ten times more than your credit card number on the black market. Why? Because, first, they store your personal information such as email, username, and password. Secondly, other specific details about you are recorded, like height, weight, eating habits, gender, birthdate, or your exact location using GPS monitoring. Finally, some wearable devices may even store your credit card information. So, where there’s data, there’s also a window of opportunity for malicious actors to steal it and sell it on the dark web.
I believe manufacturers have the duty to build solid security foundations to protect their users. They should also be forced by rules and regulations to better secure their gadgets. For example, the U.S. Congress already introduced the IoT Cybersecurity Improvement Act of 2019, which supports a better IoT cybersecurity hygiene.
Attacks conducted on wearable devices could result in compromising personal files and financial information. What’s more, hacks performed on medical wearables could also lead to physical injury and threaten people’s lives. So, if security is not taken seriously, more and more individuals will lose their confidence in these devices and will stop purchasing them. What started out as a technology designed to improve the quality of life, increase productivity, facilitate communication and learning, and drive medical research, could gradually turn into failure.
Wearables manufacturers should not expect users to defend themselves against cyber-attacks on their own. They should consider all possible attack scenarios and test their devices multiple times before release. But while it must be the duty of companies to create products with the best security features in mind, consumers should also pay attention to what they’re purchasing. It’s always best to research and compare alternatives, check if a provider was affected by any data breaches and investigate how exactly they handle their users’ security and privacy.
Written By: Bianca Soare