Security Concerns Related to Wearables
It seems like almost everyone is walking around with an Apple Watch now. But what are the security concerns related to these devices?
Join the DZone community and get the full member experience.Join For Free
Wearable technology is skyrocketing in popularity, and projections indicate that it will continue to do so. There were 87 million wearables online in 2015, and Cisco estimates that the number will jump up to 600 million by 2020. Fitness trackers, smartwatches, and head-mounted displays are common wearable choices right now, but it’s only a matter of time before even more connected devices are made available.
Wearables aren’t only for personal use, though, as forward-thinking organizations see them as a way to boost efficiency, enhance communications, and improve workflow. What both organizations and individuals need to keep in mind is the inherent security and privacy risks that accompany these devices.
Considering all the information that a wearable can track, it’s important to know where that information is going. Soon there will be millions of wearables recording user habits, purchasing choices, personal details, and daily communications.
All that information is highly sought after by advertisers, marketers, app designers, and many other third parties. There’s a significant financial incentive for parties to obtain this information, as they can use it to increase their own profits.
There’s no certainty regarding how secure information collected by wearables will be, and who will be able to access it. Whenever data is transferred between parties, there’s also the possibility of hackers intercepting that information and using it for fraudulent activities.
Easy Physical Access to Data
A serious security concern with wearables is the lack of security on the devices themselves. Many wearables store the data they collect without any encryption or security measures, such as a PIN, password protection, biometric security, or user authentication.
Without any protection method to lock the wearable, the contents of the device are available to anyone if that device is lost or stolen. Whoever obtains the wearable could potentially steal all the data on it, because wearables can store all that data locally.
Insecure Wireless Connections
Wearables typically connect to smartphones and tablets wirelessly using Bluetooth, Wi-Fi, or NFC. This leaves both devices vulnerable, as those communication methods often aren’t secure enough to protect against a brute-force attack by a determined hacker.
Not only can this connection method jeopardize information on the wearable, it can also jeopardize information on the device to which it’s connected. Keeping Bluetooth switched on with a smartphone or tablet can increase the vulnerability of that device. If hackers break the Bluetooth link, they may be able to access device data, including reading sensitive notifications.
When a wearable is connected to a smartphone or tablet, there’s a constant wireless transfer of information. The connection type may not be secure against hackers, which means at any point a hacker could intercept and steal the data.
Lack of Patches
One of the ways that developers protect your computer, smartphone, and tablet from data breaches is through patches. When there’s a vulnerability, developers fix it and release this fix as a patch. Wearables also have their share of vulnerabilities, but there is currently a lack of insight and policy regarding security patches.
Since wearables have their own operating systems and applications, they’re easier targets for hackers. But many wearable developers don’t have any sort of system in place to deliver patches and updates.
The small size of wearables is an issue here. That compact size means they have small processors, so there’s less room for security measures. They also don’t connect to the internet as much as a computer or smartphone, so there aren’t as many update opportunities.
There are ways that you can protect your organization from security concerns related to wearables. Make sure you opt out of data sharing for any company wearable devices and connect wearables to other devices for as little time as possible. Only allow your most trusted employees access to sensitive information and areas of the company, and implement a “no wearables policy” when employees view that information or go to those areas. You can't eliminate security concerns, but you can significantly reduce them.
Opinions expressed by DZone contributors are their own.