0370 270 6000

Wearable security

4 September 2018

How secure is your fitness tracker? (Not to mention your smartwatch, sleep tracker, smart shoe insoles and wearable Bluetooth keyboard). It’s something that many of us give little thought to, but perhaps we should be more concerned.

While most of the big names in health tech take security on wearable devices seriously, there is often a rush to get new products onto the market quickly and some devices may lack basic security. Yet, as we know, these devices collect personal and comprehensive data about the wearers: how they sleep, where they travel to, whether they are feeling stressed and how much they exercise. Multiply this by the 780 million wearable devices that are predicted to be on the market by the end of 2018 and we are talking about a significant pool of data which could be ripe for theft.

While the benefits to users of wearable tech are usually clear, it is not immediately obvious what value such data might hold for potential hackers and fraudsters. Yet some security experts say that the data has more value than that of a stolen credit card on the black market. One reason is that wearable data is often both personal and permanent, for example your date of birth, which, unlike stolen credit card details, cannot simply be changed in order to stop the fraud. Data from smartwatches may be even more valuable than data from fitness trackers, as demonstrated by one experiment which showed how the accelerometer, gyroscope and magnetometer data from a smartwatch could be used with an algorithm to predict bank card PIN numbers solely based on tracking how the wearer moved their hand when entering the numbers.

A report by the Royal Academy of Engineering looked at the cybersecurity risks associated with connected health devices, such as ransomware attacks which could, for example, interfere with the operation of a patient’s wireless automated insulin pump. Such cyberattacks could have severe or even life-threatening consequences, although the likelihood of such an attack may be low. The report warns that companies need to better understand the risk of using devices with poor levels of security and suggests lessons can be learned from other sectors, such as industrial control systems.

Organisations using or considering introducing wearable tech would be well advised to demand products with adequate security protection and to make sure they understand the vulnerabilities in components and devices that are provided by their supply chain.

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up