The Internet of Things (IoT) uses a network of connected smart devices that can interact with the cloud and with each other to improve productivity and amplify a gadget’s performance. From using your smartwatch to turn on lightbulbs to using fitness tracker data for treatment—an interconnected loop of smart devices can bridge the gap between physical tools and our digital lifestyle. According to a VMR study, the global IoT market will reach $154 billion in 2028, up from $45 billion in 2020.
However, rapid innovation in IoT has pushed security to the backseat. IoT security is fundamental in ensuring interconnected devices, especially smart wearables, are widely accepted around the globe. Wearable smart devices such as smartwatches, jackets, glasses, shoes, and gaming bands have risen in popularity but they’re also not completely secure by design.
How do smart wearables work?
Wearable smart devices work as endpoints in a connected network that receives a wireless connection with Bluetooth or WiFi. They are very convenient to use but the security has been traded for convenience. For instance, smart devices rarely require PINs or biometrics to access, which means that if a threat agent gets physical access to a device, they can easily exploit the data.
If we perceive IoT-enabled weartech as endpoints, then these devices can be used as a backdoor to your mobile phone or other devices in a network. On top of that, wearable smart devices lack end-to-end encryption and industry standards to regulate how they process user data. This presents a significant challenge to organizations looking to strengthen their IoT security.
Popular wearables and IoT security risks
Smart wearables come in many shapes and forms — from fitness trackers and smart rings to smart belts and jewelry. We’ll discuss the most popular ones and the risks they carry.
Smartwatches and fitness trackers
Smartwatches and fitness trackers have greatly improved workplace productivity and made it easier to reach personal goals. However, the wearables on the wrist lack proper authentication, which means the devices have no way to tell if an access is legitimate or not. On top of that, the lack of two-factor authentication and strong passwords make them easily hackable. These devices track anything between day-to-day calendars, schedules, locations, heart rates, steps taken, and other crucial health stats. In the wrong hands, these devices can be used to extract sensitive data and create a loophole to access mobiles and laptops connected with them.
Smart clothing has quickly caught up as weartech and it’s easy to see why. Smart clothing such as jackets and fitness gears use “embedded sensors” to track body movements which can help meet fitness goals. The risks, however, are valid as well.
For example, a smart jacket can track a user’s hand movements, palm rest frequencies and typing patterns, heart rate, and body temperature. Hackers can tap into the wireless thread between a mobile and smart wearable to capture packets of data that can be used to crack passwords or learn more about the user.
Smart glasses are poised to go mainstream after renewed interests from Google and Meta. Facebook recently launched Ray-Ban sunglasses that can be used to capture visuals and post as stories on social media. On paper, it sounds so simple and convenient for the user. But the always-on nature of such glasses means that there’s no boundary between what’s public and what’s private. Compromised smart glasses can be used to bypass consent and record videos of others which can be used to build profiles or steal critical information. From capturing card PINs at checkout to noting down personal preferences, everything can be used to launch phishing and brute force attacks.
Smart shoes are a niche phenomenon, but they’re one of the riskiest IoT gadgets being used today. They’re essentially a research center built on feet to track user movements, running performance, location, comfort, and other health data. Companies use this data to build better footwear but not everyone can afford to prioritize security and privacy. Right now, brands like Nike, Puma, and Under Armor are investing huge amounts in limiting user access and strengthening authentication. But when the smaller brands decide to eat into their share, they’ll cut corners. Since convenience and designs will be the USPs, security under the hood will suffer.
How can a consumer or organization be hacked with wearable smart devices?
Each of the security risks can compromise both home networks and business ecosystems. Since the data used for the cyberattacks are incredibly precise and personalized, there will be an increase in cyberattack success rate. If you’re worried about IoT security risks of wearable smart devices, look out for the following issues:
From smartwatches to smart home speakers, any device that has microphones for user interaction can be exploited for surveillance. Hackers can use wiretapping to listen to conversations and steal critical information.
Wearable smart devices are not always the primary target of hackers, they often use these devices as a gateway to the wireless network. Mobile apps or desktop endpoints that control wearables can easily be infiltrated to steal data packets. If you detect unusual network traffic or location activities, take steps immediately.
As mentioned earlier, a lot of smart devices will be used to validate extended reality (XR). To achieve this, smart glasses will keep recording surroundings to either post on social media or build VR. Unrestricted and unsuspecting camera access can be one of the most potent tools to invade the privacy of others and steal sensitive information.
Lack of encryption
Smart wearable companies rarely use adequate encryptions to protect user data. Thanks to a lack of regulations, unencrypted data can be easily exploited on-site or in the cloud.
Protecting privacy: BYOD best practices
Employees are using more smart devices than ever before to complete tasks and wearables are part of it too. This brings a renewed focus on bring your own device (BYOD) programs that cover all employee gadgets. Since Mobile Device Management (MDM) rarely covers smart wearables, overhauling the BYOD strategy is the only way to strengthen IoT security in workplaces.
Here are some best practices for BYOD and IoT:
- Document company requirements and limitations to chart a BYOD strategy that doesn’t ignore IoT risks
- Track BYOD usage data of users by analyzing network traffic, app sessions, and data access
- Educate the workforce on the implications of leaking sensitive data and empower them to follow best practices
If you don’t have a solid BYOD strategy, wearable smart devices can lead to data theft and frequent cyberattacks. To know how you can close security loopholes created by IoT devices, get in touch with MyTek today.