Wearable technologies promise to be one of the technology trends of 2015 that will receive a great deal of attention from the mainstream technology press thanks in large part to the major corporate players looking to enter that field, including Apple and Samsung. The first series of apps that will be available for the Apple Watch, which will hit markets in mid-April, was recently announced by Apple; only one of these 24 programs is related to health and fitness. We’ve talked about the potential consumer benefits of wearables within the past few months here on IPWatchdog which noted that the industry is still in an early stage. Wearable technology still enjoys a novelty status among tech aficionados which is allowing some companies like Apple to cash in with gold versions of its smartwatch which approach a retail price of $10,000 USD. For mainstream consumers, however, wearables are gaining a greater profile but have yet to be fully realized in most sectors, which we saw in our coverage of the 2015 Consumer Electronics Show.
At the same time, we’re seeing a great deal of concern on behalf of businesses and consumers alike about the growing security risks threatening many technologies that are being developed today. Data breaches at financial institutions and major retail outlets alike have cost those organizations hundreds of millions of dollars in the combined cost of responding to threats, reissuing bank cards and developing cybersecurity measures. The issues posed by cyber attacks on networks and communications systems has even prompted federal governmental agencies to work in concert for the development of cybersecurity guidelines that provides a framework to effectively address risks for any organization.
Consumers are very interested in knowing that their data is protected, and not simply their financial account data. However, as wearable technologies and the closely related Internet of Things continue to become more robust, there have been questions raised over the privacy of data created and transmitted by these devices as well as the capability of others to gain unauthorized remote access through a cyber attack. Technologies designed to provide fitness tracking could have the unintended consequence of giving a party gaining unauthorized access to that data the ability to track their movement. While the world awaits the advent of the Apple Watch, we thought we’d focus a wide lens on the wearable tech industry to better understand the various data security and privacy risks they pose as well as activities meant to mitigate those threats.
Fears over the privacy and security risks associated with wearable devices is definitely being felt by wearable device owners and could even slow down the adoption of these technologies by consumers. A consumer report developed by PricewaterhouseCoopers on the topic of “The Wearable Future” found that 82 percent of respondents worried that wearable tech would invade their privacy. A full 86 percent felt that the use of wearable technologies would make them more vulnerable to data security breaches. These concerns are a big reason why about one-third of those people who have purchased a wearable device within the past year no longer use them on a regular basis.
These devices communicate through the use of wireless networks that do not have many data protection standards which are intrinsic to those communication systems. Recently, one security researcher from Internet security software developer Kaspersky Lab discussed how he was capable of performing an unauthorized scan of Bluetooth LE networks used to connect fitness bracelets and smartphones that would have enabled him to gain access to dozens of devices in his local vicinity; this experiment was successfully repeated in Moscow, Cancun and Bellevue, WA.
Once a hacker gains access to a wearable device, what they’re able to do with that access is pretty much only limited to the functions of the device. There have been very few news reports about actual hacking events involving wearables but imagined threats run the gamut from hackers manipulating device functions to extort money to bosses gaining unwanted insights into an employee’s daily life outside of work. This latter scenario could become more of a concern as wearables are more widely incorporated into business environments in coming years. Businesses themselves will want to consider best practices regarding enterprise incorporation of wearable devices in an effort to protect their own sensitive data.
All of these concerns, however unrealized they may be to this point, are having the effect of making data privacy and security a core component of wearable tech products. The current state of wearable development isn’t all that responsive to consumer concerns, however. In its coverage of the Black Hat Europe Amsterdam information security conference, WIRED interviewed a threat researcher with Symantec who reported that just over half of all wearable devices have a stated privacy policy. That’s problematic when considering that some of these devices could establish data connections with up to 14 IP addresses, greatly increasing the risk of data breaches. Consumers will have to be careful to make sure that the wearable devices they buy afford them the best protections possible.
Cybersecurity experts and developers will have to be vigilant in order to adequately address threats and attacks as they arise. Although many fitness trackers and other basic wearables do not include a user interface powered by a software operating system, the major product releases coming from Apple, Samsung and others use systems that are primarily based on the Android or iOS mobile platforms. The issue here is that there are already 4.37 million mobile apps that are either malicious or pose high cybersecurity risks, an increase of 68 percent over the previous year.
GoTIoT
