As wearables become part of our daily lives, they also become a bigger target for cybercriminals.
Who does not remember the popular song of the Police "Every breath you take,… every step you take, I'll be watching you". Indeed, every breath we take, every step we take, is recorded by our fitness tracker, says Phil Muncaster of the global cybersecurity company ESET.
Smartwatches, fitness trackers, and other electronic gadgets wearables are becoming more and more popular, as are cell phones and tablets.
These connected devices do much more than show the time: they monitor our health, they show us our emails, they check our smart homes and they can even be used for in-store payments. They are an extension of the so-called Internet of Things (IoT) that makes the lives of all of us more comfortable, while reducing the time it takes to use smartphones, which has reached almost six hours for half of Americans this year.
Naturally, this is a market that will grow at an annual rate of 12,5% in the coming years and will exceed US $ 118 billion by 2028. But while wearables are steadily finding their way into our daily lives, they are also collecting more data. and are connected to a growing number of other smart devices.
But what are the potential security risks from fitness trackers and how can we protect our privacy?
ESET teammate Phil Muncaster outlines four key ways in which Threat actors can take advantage of wearables attacks.
1. The so-called "third-party companies"
The data your devices collect can be extremely valuable to advertisers. There is also a boom in such markets in some markets, although they should be tightly controlled in the EU thanks to legislation passed in 2018. A report argued that revenue generated from data sold by healthcare device manufacturers to insurance companies could to reach $ 855 million by 2023.
Some third parties may even use them to create advertising profiles for users and then sell them. If this data is stored by many companies, this is a greater risk of breach.
2. Unlocking the smart home
Some wearables can be used to control our smart home appliances. They can even be configured to unlock your front door. This poses a significant risk to your safety if the devices are lost or stolen and the anti-theft settings have not been activated.
3. Data theft and manipulation
Some smartwatches offer synchronized access to your smartphone applications, such as emails and messages. This may allow unauthorized users to steal sensitive personal data. Equally worrying is where much of this data is stored. If they are not properly protected, the provider can become a target for spying. There is a thriving underground market for certain types of personal and financial data.
4. Site-based threats
Another basic type of data recorded by most wearables is site related. With this information, hackers can create an accurate profile of your movements during the day. This could allow them to physically attack the user or their car / home during off-hours. There are even greater concerns about the safety of children wearing such devices if monitored by third parties.
All of this may seem unlikely, but a few years ago, security researchers identified vulnerabilities in children's smartwatches that exposed the location and personal data of children. Prior to that, another study found that many manufacturers were sending unencrypted personal data of children using the products to servers in China.
Concerns persist to this day, with research showing that the devices are prone to tampering, which could even cause physical discomfort to the user. Another study found that hackers could change passwords, make calls, send text messages and gain access to cameras from devices designed to monitor the elderly and children.
Where do device ecosystems lag behind?
The device you are wearing is only a part of the image. In fact, there are many elements - from the firmware of the device to the protocols it uses for connectivity, its implementation and back-end cloud servers. Everything is prone to attack if security and privacy are not properly considered by the manufacturer.
Here are some of them:
Bluetooth: Bluetooth Low Energy is commonly used to connect mobile devices to your smartphone. However, many vulnerabilities in the protocol have been discovered over the years. They could allow attackers in close proximity to damage devices, steal information, or manipulate data.
Appliances: Often the device software itself is vulnerable to external attacks due to poor programming. Even the best-designed watch is ultimately man-made and therefore may contain coding errors. These can also lead to privacy leaks, data loss and more.
Poor authentication / encryption on devices can also mean that they are exposed to piracy and eavesdropping. Users should also be aware of shoulder surfers if they use their mobile devices to view sensitive messages / data in public.
Applications: Smartphone-related smartphone apps are another way of attacking. Again, they can be misspelled and full of vulnerabilities, exposing access to users' data and devices. A special risk is that the applications or even the users themselves are careless with the data. You may also accidentally download fake applications that are designed to look like legitimate ones and enter personal information into them.
Back-end servers: As mentioned, cloud-based ISP systems can store device information, including location data and other details. This is an attractive target for attackers. There is not much you can do about it other than choose a reliable provider with a good security history.
Unfortunately, many of the above scenarios are more than theoretical.
You; How do you protect your devices?
According to Phil Muncaster of ESET, fortunately there are several things you can do to minimize the risks described above. Some of them are:
• Enable two-factor authentication
• Protect the lock screen with a password
• Change settings to prevent any unauthorized pairing
• You buy wearables from reputable suppliers
• Take a close look at the privacy and security settings to make sure they are set up correctly
How to protect your smartphone
• Use only legitimate app stores
• Be sure to update all software
• Never jailbreak / root on devices
• Restrict the rights you grant to applications
• Install trusted Antivirus software on your device
How to protect a smart home
• Do not synchronize wearables with your front door
• Keep the devices on the guests's Wi-Fi network
• Update all devices to the latest firmware
• Change all device passwords from the factory settings
As wearables become part of our daily lives, they become a bigger target for cybercriminals. Do your pre-purchase research and close as many attack paths as possible as soon as you start your new device.
Registration in iGuRu.gr via email
Follow us on Google News