Nowadays wearable devices, especially fitness checking devices, are very much in vogue. However, security and technology experts are prompting warnings about the vulnerable nature of these devices to cyber-attacks.
According to the estimation of the International Data Corporation/IDC, around 72.1million wearable tracker devices like Samsung Gear, Apple watch, Nike Fuel, Fitbit, and Jawbone will be shipped in 2015. This means the demand for wearable devices will see an enormous rise from 26.4million units in 2014.
IDC’s report suggests that there is every possibility that the category of wearable devices might also increase to the 155.7million unit by 2019.
UAE-based experts warn that with such massive demand comes the danger of hacking. Mohammed Djenane, the security specialist at ESET Middle East, states:
“There are several tracking devices out there in the market and not all them are designed with proper security measures in places. Even some of the most trusted devices report the data to a command-and-control server, something like a back door that is vulnerable to attacks. We’ve recently witnessed that with a very legitimate vendor, as well.”
Naturally, users feed their personal information constantly into their devices, and this data is later stored in servers due to which it becomes vulnerable to cyber-attacks.
Djenane says: “With obscure brands, you don’t have any idea about what is being done with your data. You have set up a profile with your full name, address, telephone numbers, your health status and enabled the GPS, giving the hacker important information. Users also need to be careful about the apps they install. They may have back doors.”
In a study from Symantec titled “How Safe is Your Quantified Self,” similar dangers have been identified. The experts found that all wearable activity tracking devices even those from most sought-after brands are prone to location tracking. According to Symantec’s report, although the wearable device help users in tracking their fitness goals, these become vulnerable to hacking when these start sharing data you feed without your consent, for instance, Wi-Fi or Bluetooth Low Energy Interface.
Where Djenane suggests that users should purchase a device that let them disable syncing option, Symantec informs that 52% of the apps that the team checked didn’t offer privacy policies that answered crucial questions like What data is collected? Who receives and collects the data? How long is the data stored?
Djenane also seconds the notion that prudence is imperative to ensure safety specifically while creating profiles. He says, “Do not reveal your true identity when creating profiles. If it is not required, don’t put your name or mobile number.” However, he also recommends that researching the mobile app of the device is important.
“See what the app is and what privileges will be required from your devices. I don’t see the need for such privileges as calendar access and contact book access. My advice would be to stay away from such wearables.”