There’s no doubt that wearable technologies have the power to enrich our lives and transform the way we interact digitally. With continuous development and growing market penetration, the future undoubtedly looks bright for wearable devices. However, while devices are getting smarter, it does not necessarily mean they are secure.
Take fitness trackers, for example: whether it’s monitoring your early morning run, keeping tabs on calorie intake or simply checking your heart rate, they bring a host of benefits. However, while they help us manage our physical activity and stay in shape, they also have the potential to put our security at risk – after all, they are effectively extensions of our mobile devices. Although the functionality and style of these products can be simple, they have the potential to accumulate personal and sensitive medical information that could be used to compromise our privacy.
Research conducted by one of my colleagues, Roman Unuchek, uncovered some surprising results about the security of wearable technology. After downloading an accompanying smartphone app so that he could pair it with his wearable fitness device, Roman discovered that he could connect with other fitness devices that were not his own. After realising that one of these belonged to a colleague, he decided to examine how secure it actually was.
The blind connection was made possible because the devices use Bluetooth LE technology to connect and so do not require a password – there’s no screen or keyboard with which to enter this information. Once connected, he had ample chance to gain access to the other person’s data.
In the devices he investigated, the data that could be extracted was limited to the number of steps taken by the owner in the previous hour. While this might seem innocent on the face of it, it’s important to think about how this might change. As these next-generation fitness bands become capable of collecting a greater volume of more varied data, the risk of the owner’s sensitive medical data leaking will increase significantly. Apple’s ResearchKit platform highlights how the ‘Internet of Things’ can give healthcare professionals and scientists access to a broad range of data for research purposes. However, as we enter a world in which so much personal data can be gathered by sensors that we carry with us, it’s important that there are safeguards to limit who is able to collect such information. Personal information should be available only to those with whom we explicitly choose to share it. So the onus is on vendors (in this case Apple) to ensure that unauthorised third parties are not able to exploit personal information.
Smart devices are only going to get smarter, and with that comes the imposing threat of rogue connections and consequent exposure of confidential data. Regardless of the vulnerabilities that may exist, or the type of connected device to which we entrust our personal information, we must recognise the potential for our data to be compromised if vendors do not take adequate steps to safeguard it or if we do not protect it accordingly.