We Need to Prioritize Adding Advanced Security of Wearable DevicesSeptember 14, 2021
Article by Emily Newton
The wearable devices market is booming, with more makes and models continually arriving in stores and on websites. Many people view these gadgets as fun conveniences that can help them stay more organized, track their health and more.
Unfortunately, wearable device security is not usually a top-of-mind concern during product design and development. However, it makes good business sense for engineers, manufacturers and others to take safety seriously from the start.
Many wearables have location-tracking features for convenience. For example, a person can download Google Maps on a smartwatch to get navigation information when walking to a new restaurant. However, advocates have pointed out that it’s too easy for domestic abusers to wreak havoc on their partners due to poor security controls on the devices.
One study of users of a domestic violence support organization in the United Kingdom found that 72% of respondents said they’d experienced tech-related abuse. Plus, a journalist carried out an experiment whereby his wife could figure out his location by changing a few app configurations after using his PIN to access his phone. The apps that allow that appear on many wearable devices since Apple and Google make some of the tested products.
However, in another case, a domestic violence organization designed an app for smartwatches and other SIM card-based devices that allows a person to record what’s happening and send it to trusted parties. In a trial, only one of the 3,000 alerts sent by the app required police intervention. That result suggests that friends and family could play crucial roles in keeping tense situations from escalating.
The people making wearables should think about potential ways perpetrators could exploit location tracking or other features that could disclose a device owner’s location. For example, sending email alerts about new account sign-ins or settings changes could alert them to a partner trying to spy.
Wearable medical trackers have spurred significant progress in helping people stay healthy. For example, some versions alert providers to problems like blood sugar abnormalities and heart rhythm irregularities before they become emergencies. Related research concerns the energy harvesting market. Statistics indicate it should achieve $2.6 billion in worth by 2024.
Imagine if someone could keep a device charged by simply walking or breathing. That’s not a far-fetched idea. Researchers from multiple organizations are collaborating to work on self-powered devices worn outside or even inside the body. They believe these gadgets could lead to more accurate medical tracking and better user convenience.
Problems stemming from poor wearable device security could overshadow the benefits, though. In 2018, researchers from an engineering academy warned that a growing number of connected health products, including pacemakers, are at risk of being compromised by hackers.
Indeed, cybersecurity researchers have already publicly shown they could take control of pacemakers and insulin pumps to change their functionality. People familiar with these flaws also mention how cybercriminals could break into a network and affect everything connected to it. That could become a significant problem for a location that invested a lot into medical-based wearable technology, such as a hospital.
As people hear about data breaches and instances where cybercriminals remotely control smart home equipment and wreak havoc on the owners, many become more concerned with the worst things that could happen. Wearable devices understandably may elevate people’s worries. They don’t like the idea that an unknown party could manipulate gadgets on their bodies.
Manufacturers have also developed wearable trackers for pets that let you find them promptly or even communicate with them through a built-in speaker. That’s an example of how wearable technology is not just for people. As the potential use cases increase, so could the risks caused by inadequate security.
However, if a manufacturer prioritizes wearable device security, it could become a market differentiator. That entity could also get ahead of the curve regarding upcoming legislation. The United Kingdom government intends to propose a regulation for consumer Internet of Things (IoT) device security by the end of 2021.
If that happens, it could have a ripple effect in other markets. After all, it may become prohibitively costly to make more secure devices for U.K. consumers and others to sell elsewhere. Plus, similarly to how people often look at specifications sheets before buying smartphones, they may begin checking the details of wearables to see how secure they are before buying them.
When wearable technology was not yet part of the mainstream, some people decided that the devices were out of their budgets. However, as more companies began creating them and competition increased, prices got more reasonable. Now, people can choose from numerous brands and find many options under $100. That relatively low barrier to entry means it’s easy for people to see what wearable devices offer for a reasonable cost.
However, the downside is that those gadgets may become among the favorite targets of cybercriminals. The goal of a hack is typically to have a widespread effect. That could be as straightforward as targeting a well-known smartwatch model and scrutinizing it for vulnerabilities.
Researchers from The University of Texas at San Antonio developed a real-time system that can tell precisely when and where IoT devices get hacked. That could mean if criminals do set their sights on wearables, they won’t gain as much ground as expected. However, the team said that in July 2020, there was a 200%-400% increase in malicious IoT activity during a month-to-month analysis. The data also showed this is a global trend and not restricted to the United States.
However, a positive development is that increased consumer interest in wearables can also spur more cybersecurity research into the most substantial security flaws and how to address them. If that happens, a progressive and collective effort could make these gadgets harder to target successfully.
Most people who buy wearable technology don’t consider taking specific steps to keep those gadgets safe. That’s why designers and manufacturers must take a security-first approach with the products.
Currently, the push is typically to get the items on the market as quickly as possible and deal with any cybersecurity later. However, it’s time for a change whereby the parties making these gadgets available take security seriously from the start. They should also instruct buyers about additional measures to take, such as setting up multifactor authentication. Such efforts show hackers it’s not worth targeting wearables. However, there’s much progress left to make before reaching that point.
About the Author
Emily Newton is the Editor-in-Chief of Revolutionized, where she covers industrial, engineering, and science topics.