Should you be wary of wearables? Here’s what you need to know about the potential security and privacy risks of your smartwatch or fitness tracker.
Smartwatches, fitness trackers and other wearables are fast becoming as familiar to us as our mobile phones and tablets. These connected gadgets do much more than say time. They track our health, display our emails, control our smart homes and can even be used to pay for stores. These are an extension of the so-called Internet of Things (IoT) which is making our whole life healthier and more convenient, as well as reducing the screen time of the smartphone. Reached about six hours For half of Americans this year.
Surprisingly, this is a market Set to grow Over the next few years, annual growth will exceed 12.5% ​​and exceed US $ 118 billion by 2028. But while wearables are reaching more into our daily lives than ever before, they are collecting more data and connecting with a growing number of other smart systems. It pays to understand these potential security and privacy risks up front.
What are the major security and privacy concerns?
Threatening actors have multiple ways to monetize smart wearables and attacks on apps and software-related ecosystems. They can intercept and manipulate data and passwords and unlock lost or stolen devices. There are also potential privacy concerns regarding the confidential sharing of personal information with third parties. Here’s a quick round up:
Information theft and manipulation
Some feature-rich smartwatches provide synced access to your smartphone applications, such as email and messaging. This could allow unauthorized users to intercept sensitive personal data. But of equal concern is where most of that data is stored. Providers may be targeted by information thieves if it is not properly protected at rest. There is a rich underground market for certain types of personal and financial data.
Location-based threats
Related to another original data type location recorded by the most wearable. With this information, hackers can create an accurate profile of your daily activities. This may enable them to physically attack the wearer, or their car / family is sometimes considered empty.
There are further concerns about the safety of children wearing such devices, if they are being tracked by unauthorized third parties.
Third party companies
It’s not just security risks that users need to be aware of. The data that your devices collect can be invaluable to advertisers And there is a roaring trade-off of such data in certain markets, although it should be strictly regulated in the EU by law. Launched in 2018. A report That demands revenue Made from data sold to insurance companies by health device manufacturers could reach US $ 855 million by 2023.
Some third parties may even use it to create and sell ad profiles of wearers. If this data is stored by multiple other downstream companies, it presents a greater risk of breach.
Smart Home is being unlocked
Can be used to control some wearable smart home devices. They may even be set up Open your front door. This poses a significant security risk if the devices are lost or stolen and the anti-theft settings are not enabled.
Where does the device ecosystem fall short?
The device you are wearing is just part of the picture. In fact, there are multiple components, from the device firmware to the protocol it uses to connect, its apps and the back-end cloud server. Everyone is vulnerable to attacks if security and privacy are not properly considered by the manufacturer. Here are a few:
Bluetooth: Bluetooth low energy is usually used to connect wearables with your smartphone. But Numerous weaknesses The protocol has been invented over the years. They can allow attackers to crash devices, snoop on data, or manipulate data.
Device: Often the software on the device is vulnerable to external attacks due to poor programming. Even the best-designed watch is ultimately man-made, and so there may be coding errors. These can lead to privacy breaches, data loss and more.
Weak authentication / encryption on devices may be revealed separately for their hijacking and hijacking. Users should also be aware of shoulder surfers when viewing sensitive messages / data in their wearable messages in public.
Applications: Smartphone apps associated with wearables are another way to attack. Again, they can be poorly written and vulnerably puzzled, revealing access to user data and devices. An individual risk is that the app or even the users themselves are unaware of the data. You can accidentally download fraudulent apps designed to look like legitimate ones and enter personal information into them.
Back-end server: As mentioned, provider-based cloud-based systems can store device information, including location data and other details. This presents an interesting goal for attackers looking for a big pay-day. There is nothing that you can do about it except to choose a reputable provider with a good track record of safety.
Unfortunately, many of the above situations are more than theoretical. A few years ago, security researchers found widespread vulnerabilities in children’s smartwatches that reveal location and personal data. Earlier, a separate investigation found that many manufacturers were sending encrypted personal data from children using products on Chinese servers.
Concerns remain today, with studies showing gadgets to be sensitive to manipulation that may even Physical distress of the user. Another one Research claims that Hackers can change passwords, make calls, send text messages, and access cameras from devices designed to monitor adults and children.
Top tips for locking down your device
Fortunately, there are several things you can do to reduce the risks mentioned above. They include:
- Introducing two-factor authentication
- Password lock screen protected
- Settings are being changed to prevent unauthorized pairing
Protect your smartphone with:
- Only go to the valid App Store
- Keep all software up to date
- Never use a jailbreaking / routing device
- Limit app permissions
- Installing reputable AV software on the device
Protect your smart home with:
- Wearable sinks are not being installed on your front door
- Keep the device on the guest Wi-Fi network
- Updating all devices to the latest firmware
- Make sure all device passwords have been changed from factory default settings
Overall:
- Selecting reputable wearable providers
- Take a close look at the privacy and security settings to make sure they are configured correctly
Since wearables have become a big part of our lives, they will become a big target for attackers. Do your research before you buy, and once you boot up the device, stop attacking as much as possible.
