Wearable devices may connect to broad ecosystems that contain reams of personal data.
The adoption of wearable technology such as smartwatches and fitness trackers has grown massively in recent years. These extremely popular wearable devices provide users with a wealth of advantages, including staying connected, monitoring their sleep patterns, measuring their exercise, and accessing other health information. As people grow more conscious of their health, they are more inclined to monitor themselves much closer than ever before. Many people have jumped on the bandwagon, and now, we can see almost every other person on the street donning such devices. In fact, according to research firm International Data Corporation India (IDC), the wearables market in India actually had record-breaking double-digit growth in the first quarter of 2022, with shipments surpassing 13.9 million devices.
Wearable technology has been popular among the younger generations, and as technology advances, this trend is certain to continue. Digital wearables, however, pose unique threats to the security and privacy of customer data.
Wearable devices collect a lot of information. But what happens to the information after it’s collected? It may not stay on the device at all, and that paves the way for a complex network of vulnerabilities of systems that expose data that many users would prefer to remain confidential.
Consider a fitness tracker – the device itself might collect data about where and how hard we worked out, but it’s usually stored on cloud-based services. Those services may integrate with applications that might also collect information about what we eat, how much we weigh and the general state of our health. In addition, the apps themselves might also hold credit card information for payment purposes.
“By connecting a wearable to an extended ecosystem, one is exposing a larger attack surface,” said Aiyappan Pillai, IEEE Senior Member. “Cybersecurity experts look at this as a supply chain that includes a data generator, an analytics engine and a service provider. Each link in the chain, including the connecting networks, presents a potential risk.”
The Risk
Most criminal intrusions of computer networks have a financial motive. That may lead people to conclude that wearables have a low cybersecurity risk. But wearables data, especially in healthcare settings, is often tied to financial information.
“Depending on the organization from which it was obtained, stolen health data can be extremely valuable because it often includes so much personally identifiable information – including birthdays, email addresses and other login information, that can be used for identity theft purposes,” said IEEE Senior Member Kevin Curran.
Hospitals, for example, might maintain extensive databases of personally identifiable information for billing purposes. Hence the rise of wearables, implants and other connected devices adds a new dimension to cybersecurity risk.
“Having such a large and diverse array of devices connected to the network will mean that there will be countless connected endpoints in each hospital. If proper visibility of the network is not achieved, then each endpoint will represent a potential vulnerability to try and exploit for cybercriminals,” Curran said.
What should consumers look for in a device?
Curran said consumers should try to buy wearable devices from reputable manufacturers.
“The key security weakness of wearable devices can be their lack of security updates,” Curran said. “There is no legal requirement for wearable manufacturers to provide a roadmap of security updates for a specified period. However, the larger the manufacturers are, the more likely they are to provide patches in the future.”
App designers need to also ensure user-friendliness while incorporating security measures that cater to all categories of users, including older patients that may not have familiarity with newer technology.
Some security features that consumers should look for include “strong multi-factor authentication methods for device access, which may be biometric, such as fingerprint voice recognition, iris recognition, passwords and location-based authentication.”
For makers of wearables, building secure products will be key to success as security challenges grow.
“Security issues will consume even more resources by overhead data and processing,” said IEEE Senior Member Vicente Ferreira de Lucena Jr., “We need more efficient procedures, without losing their reliability,” she further added.
The article is authored by IEEE.