By Amanda Urrutia
April 17, 2018
If you knew something was tracking your every move—where you’ve been, where you’re planning to go, and who you’ve been talking to—you’d be on high alert, call the authorities, and try to remove yourself from the situation. Our technology does these very activities and yet millions of people dedicate their day to feeding it more information.
According to statistics websites such as Statista and Smart Insights, 103 million wearable devices were sold in 2016, and there were 325 million connected worldwide. This trend is only expected to rise as wearable devices successfully help consumers manage and increase comfort in their daily lives.
One problem right now is that people often don’t understand the risks associated with these wearables. Desktop and laptop computers can be hacked and exploited for information—and so can wearables. Wearable technology as we know it today has not been around long. Learning how it’s used not only to track our information but help in instances of litigation through computer forensic and eDiscovery situations is an ongoing process.
However, wearables are extremely vulnerable to exploitation. We’ll discuss the risks of wearable devices, why they are vulnerable and which sources we should look towards to resolve these issues.
Information Risks of Wearable Devices
Wearable devices are part of an overall category of electronics termed “The Internet of Things.” This category includes items that are always connected online through Bluetooth, Wi-Fi and cellular data, etc. Like all devices that are constantly connected to the internet, they can be discovered and exploited. So, we have to think about what kind of information can be discovered and used. We have an in-depth article about that here. Data stored on these devices can contain some of your most sensitive information—information that could harm you if it was in the wrong hand hands. For instance, if a company is breeched, it could flag compliance issues with PII (Personal Identifiable Information) and HIPAA (Health Insurance Protection Accountability Act).
Many employers use information from wearable devices such as fitness trackers to provide deductibles and benefits to their employees. Each connection to the wearable is a link that must be vetted for security. And one of the major problems is that this data is stored outside of your own internal network of devices. The issue becomes especially serious with smaller companies. Security of these devices is not a new issue but it is an expensive one. Even for the most successful companies, it takes a conscious effort to maintain a secure environment for the data.
One of the most recent cases of information potentially being exploited was uncovered by CNN on Jan. 29, 2018. Fitness trackers worn by military personal were tracking their movements and uploading the data to a heat map for viewing. It was an extremely dangerous situation not only for the individual soldiers on their routes, but for the entire military base which could be stationed in a classified area.
Reasons for Wearables Vulnerabilities
So why exactly are these wearables so vulnerable?
Sources and Solutions for Wearable Security
Where can these attacks come from? Well, it can either be targeted directly at your device, or it could be an existing infection on another one of your synchronized devices. It could also be the parent company of the device or the company providing updates. If they have been compromised, they could easily send out a fake update that infects any user that installs it without knowing.
Additionally, we need to learn to manage where all of this data is located. As new devices cycle into our lives, we need to be aware of the trail of information. In an interview with TechRepublic, Conan Dooley, senior security engineer at Box, talks about the major pitfall of wearable devices. "There is an opaque bubble around all of this data and what we do with it. Until we give people more access to their data and, frankly, the option to delete it, this thing has grown more personal as a result,” he said. While deleting data is a complex situation itself, it is a growing issue that must be addressed as more companies enter the marketplace and other risk shutting down or foreclosure. What is the lifecycle of that information?
It is up to the consumer to hold these companies accountable, make conscious decisions when purchasing these wearables and to raise the questions of security as they become more mainstream.