Wearable gadgets are rapidly invading our home and office space in the same way how smartphones did. The wearables currently in use are smart watches, smart glasses, hearables, fitness and health trackers, smart jewelry and smart clothing. The popularity of these devices is growing rapidly all around the world. These devices offer convenient and fun platforms with displaying notifications, controlling media libraries, or accessing personal verbal assistants, track workouts, check emails, etc., A few to mention are Apple Watch, Pebble Watch, Microsoft Band, Fitbit, Jawbone Up, Nike+ Sportband, Motiv Ring tracks fitness activity, heart rate, and sleep patterns in a slim, minimalist ring and medical wearables, like iHealth's wireless pulse oximeter and Withing's blood pressure monitor etc.,
Gartner, Inc. forecasts that worldwide shipments of wearable devices will reach 225 million in 2019, an increase of 25.8 percent from 2018. End-user spending on wearable devices is forecast to reach $42 billion in 2019. Of that, $16.2 billion will be on smartwatches. With the immense popularity most consumers ought to buy these devices don't think much about security risks involved while using these devices. These wearable gadgets in a way help cyber criminals by acting as another way to hack user accounts, enabling them to steal sensitive personal information, or even money from their financial accounts. Most of the end users of wearable gadgets have a perception that, because it is coupled to a smartphone the security is already built-in, but in reality that is not the case.
These devices collect data about the user and communicate with a base station, which in most cases is the user's phone. Many of the devices available to consumers are able to go way beyond their primary function e.g., the more expensive fitness trackers also monitor vital signs and offer email and Internet connectivity. The same is true for smart watches that also allow users to pay for goods and services. It's not hard to see how the Internet of things the connectivity that links an employee's watch to a personal mobile device that in turn has access to a company's network where sensitive financial and customer information is stored suddenly becomes a cyber-security nightmare. With all this it is important that security needs to be built-in to the wearable devices.
History of Wearable devices
Wearable technology has taken off in a host of directions once considered impossible. The device landscape has come a long way from the earliest wrist-sized calculators or the first Bluetooth headsets.Pulsar's Calculator Wristwatch can be considered as the first consumer wearable device to achieve global success. In 2000, the first Bluetooth headset was sold and in 2004, the first GoPro was launched. Google Glass or simply called as Glass, released in 2013, was the first voice-operated optical head-mounted display product to combine hands-free internet access with augmented reality and the ability to capture images This is considered as the first wearable device that kick start the growth of Wearable gadgets. Glass is an eyewear device that has built-in computer in the frame of a pair of glasses. It provides numerous innovative features that make people life more fun. However, many concerns have been raised from various sources regarding to some issues that could be threatened wearer's security and privacy. The most successful wearable devices on the market right now are smart watches and health and fitness tracker.
What Is Wearable Technology?
Wearable technology has changed the way we receive, use, and share data.There is a fundamental paradigm shift in how we view and interact with technology. Wearable technology is a category of electronic devices that can be worn as accessories, embedded in clothing, implanted in the user's body, or even tattooed on the skin. The devices are hands-free gadgets with practical uses, powered by microprocessors and enhanced with the ability to send and receive data via the Internet.
Types of Wearable Gadgets
Wearables comprise four main categories: smart glasses and headgear, smart watches, wearable medical devices and fitness trackers. All of these have three enabling technologies that make them smart:
- Sense and translate data;
- Collect and prepare data for transmission; and/or
- Transmit data to off-site storage for processing and reporting.
Smart glasses and headgear e.g.Google glasses and Samsung’s Gear VR; |
Fitness trackers e.g.Fitbit, Nike FuelBand, and Microsoft Band; |
Smart watches e.g. Apple and Android watches and ; |
Wearable medical devices e.g.Medtronic Continuous Glucose monitoring system and the ZIO Wireless Patch; |
Smart clothing and accessories e.g.Visijax products, Levi's Smart Jacket |
Are there security concerns with wearables?
The increase in the number of applications available for smartwatches will create new opportunities for fraudsters to compromise wearable devices for access to highly valuable personal information.
Many wearable products are able to track more than the simple information for which they are marketed. Two examples of this include:
- High-end fitness trackers that can track not only steps but other health vitals and even offer email and social media functionality and connectivity; and
- Smart watches that offer mobile payment functionality via transmission (e.g. paying for your Starbucks without lugging around your wallet).
Wearable Technology Security Issues
The risks posed by wearables are broadly classified into three “classes”:
- Cyber;
- Bodily injury; and
- Technology errors and omissions
Each risk class poses its own problems the following sections will look at the business risks list approaches to minimize those risks. Wearables linked to mobile devices, which are in turn linked to a corporate network can put organizations to risks of attack. Even though the wearable itself may not be the primary target of an attack, its link to a mobile device creates another point of entry for cybercriminals to exploit, especially since wearables security is a relatively a new frontier. Information that can be stolen and exploited includes real-time geolocation information, emails, contacts, and other proprietary information on the device.
Wearable technology security issues to businesses:
- Signal interception:an employee brings his own smart glasses to work, which is connected to his smartphone. His phone, in turn, is connected to a company network where sensitive data is stored. A thief can intercept the Bluetooth from the smart glasses display to a cloud data store and steal sensitive data.
- Corporate espionage:an executive enters his building wearing a wireless identity authenticator. A similarly dressed corporate spy can enter a few steps behind him armed with a wireless signal interceptor. After capturing the executive’s unencrypted PIN number from the electronic signature, the spy can now move about the building with all the permissions the executive enjoys, including access to intellectual property, which he can then sell to competitors.
- No Regulation or Compliance: Companies who suffer a data breach that breaks compliance or regulatory requirements for their specific industry will not be able to blame on the wearables. They will still be held fully accountable. Ignorance of wearable device security and manufacturer or third-party app policyis of no way to defense.
Wearable technology security issues for consumers
From simple fitness trackers that connect to a mobile phone, to stand-alone smartwatches, potentially sensitive personal and sometimes financial information is being passed to the app and to the manufacturer. Users may be asked for access to their files, location, contacts, camera and personal information (age, height, weight, and gender).
- Easy Physical Access to Data: The fact that many wearables store data on the local device without encryption is a real issue. There is often no PIN or password protection, no biometric security and no user authentication required to access data on a wearable. If it falls into the wrong hands, there is a risk that sensitive data could be accessed very easily.
- Ability to Capture Photos, Videos and Audio: It is easy for someone to take photographs or record video or audio files using something like a smartwatch or smart glasses. Secret capture of confidential information, and videos and images of sensitive data, is a very real possibility.
- Insecure Wireless Connectivity: The fact that wearable devices tend to connect to our smartphones or tablets wirelessly using protocols such as Bluetooth, NFC and Wi-Fi creates another potential point of entry. We may have Bluetooth on our smartphones turned on all the time. Many of these wireless communications are insufficiently secure to guard against a determined brute-force attack.
- Lack of Encryption: Some third-party apps neglect basic security standards and send or store information that is not encrypted. The kind of data that is automatically being collected by wearables is very valuable to the right people.
- Patching and Vulnerabilities: Many wearables run their own operating system and applications. The same principles that apply to keeping the software on your desktops, laptops, smartphones and tablets fully patched and up to date to avoid the latest vulnerabilities also apply to wearables.
To minimize wearable technology security issues, businesses should look for the following features in the wearables they allow and, if they cannot find them, they should demand them from manufacturers:
- Custom security levels: give users the ability to choose the security level they are comfortable with when they install their device or pair it with their smartphone. Users seldom consider security when wearing their devices, so defaulting to the least secure settings opens vulnerability for hackers to exploit.
- Remote erase feature:enable wearable users to remotely erase and/or disable their device if it is ever lost or stolen. Wearable device manufacturers should consider offering the same feature.
- Bluetooth encryption:Bluetooth offers an encryption API when exchanging data between a device and its target data store, but few companies take advantage of it because it decreases battery life.
- Encryption of critical data elements:the most critical pieces of data transferred between wearable devices and data stores are user IDs, passwords, and PIN numbers. Incredibly, most wearable devices transmit these data elements in plain text with no encryption at all.
- Cloud security:data is often transmitted from a wearable device to a smartphone and then to a cloud data store. Virtualized clouds can secure data with multiple diverse operating systems, each operating within a different security context. Wearables manufacturing companies should consider similar functionality and your business should demand it.
Example cases:
- Ecommerce site shutdown:a smart watch user connects to a company network. The smart watch is infected with malware, due to vulnerability in the device software. The malware infects the corporation’s network, executing a DDOS attack, shutting down the company’s e-commerce system for two days.
- Virtual reality device software failure:a trucking company contracts with a training company that uses wearable virtual reality devices to train long haul truckers for their Commercial Driver’s License (CDL) certification. A glitch in the device software prevents completion of the CDL program, resulting in the trucking company not having an adequate number of drivers. The trucking company fails to complete shipping contracts, losing revenue and customers. Additionally, the training company suffers damage to reputation and a loss of business.
The security challenge with wearable devices is by no means undefeatable, and the wearable trend will undoubtedly be a real boon, but it is important to treat it more seriously. There are several simple steps that users can take to ensure security:
- Opt-in only for the information required for use of the app.
- Leverage the highest level of security offered, such as biometrics.
- Practice good password hygiene if passwords must be used, including not reusing passwords across multiple applications and changing passwords periodically.
- Be knowledgeable about phishing attempts to get information from those appearing as their manufacturer.
- Don’t click on links in emails or texts unless you are sure they are from a trustworthy source.
- Download software updates when they are available