Hackers and data thieves could target wearable devices: Internet Scambusters #689
Wearable devices are a big thing in technology at the moment.
But developers may be neglecting security at the expense of adding features, both to the devices and the software that uses them.
In this week's issue, we explain the dangers and what you can do to minimize the risks of being hacked or losing data to crooks and data brokers.
Now, here we go...
Wearable Devices Could Pose Security Threat
Wearable devices -- smartwatches, microchips or miniature computers that you wear -- could soon become targets for scammers, hackers and unscrupulous data brokers.
This type of equipment is becoming increasingly popular -- not just in the shape of intelligent wristwatches but also built into glasses and even clothing.
But in the early days of this technology, we can't always count on manufacturers to give priority to making them safe from "intruders." That, say security experts, means they could be vulnerable to hack attacks.
In a report published last year, Internet security outfit Symantec noted that wearable fitness and personal health devices would be a $5 billion market in 2016.
These include devices that measure our steps, blood pressure, heart rate and other intimate medical data. With more devices on the way, the firm said, "there is an obvious security and privacy threat."
Already tests, or what security techs call "proof of concept," have demonstrated "significant vulnerabilities in many devices and applications in this area."
And in June last year, there was even a special forum dedicated to the hacking of wearable data.
According to security firm Fortinet, one of the best-known health trackers was capable of being hacked in just 10 seconds.
It claimed crooks could then gain access to any computer the device subsequently synced with and that the vulnerability would remain even if the device was reset.
However, the manufacturer subsequently denied these allegations and said there was no evidence of their device being used for malicious purposes.
Regardless of who is right, the claim and subsequent denial underline the fears and uncertainties about security risks in the wearable device market.
And, it's not just that hackers could gain access to these devices. The real threat could lie in the personal information they transmit that could fall into the wrong hands.
For example, a review of more than 100 personal-health, smart-device apps found that 20% of them transmitted information to third parties without encrypting, or disguising, the data; and more than half did not seem to have any published privacy policy.
Most of the apps also transmitted this data to an average of five recipients, mainly providers of advertising and analytical services.
Symantec warns: "The potential exposure of personal data from health-monitoring devices could have serious consequences for individuals, for example, if insurance companies started to use the data to adjust premiums, if people used hacked location data to track other people without their knowledge.
"In a fast-moving and early stage industry, developers have a strong incentive to offer new functionality and features, but data protection and privacy policies seem to be of lesser priority."
The same report from Symantec points out that medical devices are also "notoriously insecure and easy to hack, as has been demonstrated for pacemakers and insulin pumps."
But, as the firm points out, fortunately no actual hacking cases of these devices have been reported -- yet.
Users of wearable and medical devices currently are limited in the actions they can personally take to protect themselves against both hacking and data theft risks. They are in the hands of the manufacturers.
But being aware of the danger is the first important step in the right direction.
You should also:
- Look for, request and read any privacy statements that come with your products.
- If using a health app, check for information about whether any transmitted data is encrypted and to whom it is transmitted.
- Run an Internet search using the name of your device and words like "security" and "hacking."
- Look out for anti-virus and anti-hacking protection software as it becomes available for smartwatches.
For now, hacking and data theft from wearable devices are more of a threat than a current reality. But you can expect that to change as the industry grows.
As the organization behind last year's wearable hack event noted: "The data from wearable tech, smartphones and smartwatches are really the most personal data ever.
"Our mobile devices accompany every step we take, every move we make. A plentitude of sensors on the devices draw multidimensional pictures of our daily lives. Applications of wearable data range from fitness to retail, from automotive to health.
"There is hardly an industry that cannot make direct use of it. And yet, wearable apps are still in their childhood."
Alert of the Week
Did you receive an email or spot a Twitter or Facebook posting warning that crooks wedge coins into car passenger door handles to disable central locking?
Although it's theoretically possible in some older cars, wedging coins in this way really isn't sufficient to disable locking, say car makers. Even if it was, the driver would receive a dashboard warning that a door was open.
The warning is just a piece of Internet mischief, so resist the temptation to comply with the request to forward it to others!
That's all for today -- we'll see you next week.
Leave a Reply