Watch what you wear: The pitfalls of wearables security

A growing number of devices are capable of connecting to the internet to enhance our lives in some way – be it by linking us with people over vast distances or by simply supporting our everyday needs and wants.

To this end, apart from smartphones, no devices are more widespread than smartwatches and other wearable devices, as they can create more immersive data-tracking opportunities, as well as serving as powerful reminders of status and as fashion statements.

And while supporting provocative and powerful fashion statements should invite a lot of design-minded people to these devices, the risks that come with using such a device must be understood by everyone.

As diverse as a fashionista’s wardrobe

Wearables can sport many forms and serve a variety of functions, from watches used to support the functions of our phones, to rings or fitness bands used to track our pulse or our oxygen levels, to glasses that can enhance our reality through artificial means.

In a way, these devices are just as diverse as a fashion model’s wardrobe, so it is no wonder that there has been such widespread adoption.

According to recent research, the wearable market is expected to grow even more, around 12.9% from 2023 to 2030, with the current market size already being 71.91 billion U.S. dollars.

With the best-selling products belonging to the categories of wrist-wear and eye- or headwear, one needs to be aware of the security risks from usage of such electronics.

And boy oh boy, if you thought that modern phones were vulnerable, wearable devices present even larger security risks, not only from a consumer perspective but also from a small and medium business or enterprise one.

Your personal health file – a free for all

A modern age requires modern risk assessment, which is the reason why people should be more aware of the troubles their devices might cause from a security perspective. The more people adopt wearable devices capable of connecting to the internet, the more cybercriminals will try to access personal information on or through them. After all, criminals are looking for platforms that provide scale.

There are countless individuals who enjoy running with the latest in sports watches and smartwatches, with year-over-year growth of 30%. The fact that these devices can track and report on their owners’ health metrics poses just one of several concerns. Previously, such health data was usually only relevant to the users or their doctors. Nowadays, that data can end up in the hands of third parties, who might sell the information or leverage it to create personalized adverts. In the worst-case scenario, a criminal might misuse that data to track a person’s location, habits and more with great accuracy.

Concurrently, having these device types also potentially connect to company networks can create unnecessary security risks for businesses, as these wearables often seek to share their online connections with their phone counterparts, creating a potential vector for a cyberattack.

Similarly, the same types of phishing, vishing or smishing attacks that spread throughout the digital world also present very real threats to our wearable watches since, very often, their functionalities now mirror those of a phone.

Further security concerns

To complement the above, many security experts warn that smartwatches, for instance, are very often lacking in their user authentication methods, not prompting users to create strong PINs or passwords to unlock their devices. And even if they do, these measures are often weak, as said devices do not offer the same processing power for complex authentication measures as phones do nowadays. Nonetheless, any password is better than no password.

Similarly, data storage is also a concern: watches now sport their own file drives, and locally stored data often lacks encryption or, worse, is migrated using cloud solutions, which could be rather easily compromised by a man-in-the-middle (MITM) attack, for example. The same can be said for the Bluetooth connection between the watch and the phone, as simple sniffers are able to intercept data transfers from watch to phone or vice versa.

All is not lost

Thankfully, there are ways to make our use of wearables more secure. As with anything else, user error is the most common cause of successful attacks, so educating oneself on practical ways to mitigate this can go a long way.

Here are five simple steps:

  1. Regularly check for software and security updates on your watch.
  2. Review your app permissions.
  3. Create a PIN or a password access code.
  4. Be mindful of what you save on your device.
  5. Bear in mind some basic cybersecurity measures.

All in all, these five steps should provide some basic paths to improved security; however, caution is still advised when using any wearable device.

Android device users should prioritize the use of a mobile security app like ESET Mobile Security and remain vigilant when downloading apps from third-party developers, who often offer custom apps in the Google Play Store or even in app stores like Garmin or the Huawei AppGallery.

by Mark Szabo, ESET
