Smart home

Wearables as Threat to Security and Privacy

You may be like the millions of other consumers happily relying on their wearable devices to track your steps, heartbeat and other health or fitness data, and yet you may not realize that this is exposing you to risk. Though that remarkable unit has helped you to take more steps each day, it could leave you open to major threats.

While not presenting risks to your physical health, these wearables track and store data in their proprietary software that can place owners at risk of data breaches and privacy issues. And more often than not, a consumer does not even realize they are at any risk at all.

The Threats When Using Wearables

When listing the risks that such useful items as wearables create, we would have to consider:

  • The personal/health data that is handed over via the EULA (end user licensing agreement)
  • The personal/health data that may be compromised in a hack
  • The use of the data that is tracked and stored through the wearable, i.e., by an employer or insurance provider
  • The risk that comes when a company fails and your data is in their hands, i.e. can it be rented or sold?
  • The repercussions of allowing specific groups to have your health or personal data and make decisions based on it

Of course, there are some benefits about wearables and their data. After all, insurance firms may be able to use data to prove fraud and solve a crime, but it is currently a matter of “cons” outweighing “pros” where the issues of security and privacy are concerned.

“Wearable tech creates a new opportunity for private data to be collected, whether with or without the user’s knowledge. And often, the user might have granted permission, without realizing quite what they were giving up,” says author Teena Hammond.

Essentially, wearables are far less secure than many other forms of tech. Those who use them frequently give away data without knowing just how broadly their privacy is invaded or how insecure the system is.

Steps Taken, Heart Rate, Pulse. Are These Risks?

Naturally, you may wonder how someone learning that you walk ten thousand steps each day is a threat to your security or privacy. This is why the consumer market remains unaware of the overarching security risks of the devices.

However, considering that carelessly stored data or improperly managed information can be stolen and then sold the repercussions are severe.

As a single example, the health data from your wearable may be given to groups responsible for your health insurance rates or even in the decision-making process of whether or not your policy is renewed. Whether the data is handed over legally as part of the EULA you agreed to or stolen by hackers, the threat exists.

And as one report from Tech Republic warned, “If you’ve willingly shared this data with your health insurer, through discount options at work, you may already be facing rising insurance costs without any data breach necessary. Since many employers offer ‘good health’ discounts to employees who stay within regulation weight and exercise parameters to receive significant savings on health insurance.”

Data Is a Major Commodity

In the modern world, there are now organizations that operate exclusively as data brokers, collecting and then selling or renting out sets of data for business and industry to utilize. According to an FTC report in 2014,

“Data brokers have received an average of 3,000 data segments on nearly every US consumer … [and] This is outside of the data being collected by wearable devices.”

The growth and spread of wearables in the consumer markets and workplace means, even more, data is collected about individuals and is then made available for sale through data brokers. And personal data is some of the most valuable, cited as being even more valuable than credit card information. “Ten times that of a credit card on a black market” is how one consumer security expert described it. (TechRepublic)

Wearables remain some of the most vulnerable points in the data collection industry.

The Race to Market

Fundamentally, the security risks are due to the race to get wearables to the consumer markets. Some of the most in-demand items, they are also some of the most rapidly developing. The makers and designers are well aware of the pressures to provide a well designed and cutting edge wearable, and they hurry to create something appealing and accessible. However, in a rush, security is left behind.

And though security patches are easy enough to create and make available for owners to use to update things like apps, the complexity of wearables makes updating their safety very challenging.

Technologically savvy consumers might struggle to apply the appropriate security updates, and that leaves the average consumer at risk for a data hack or privacy invasion.

Though some industry experts are already pointing out that it would be far wiser for the major manufacturers to build security into their design processes, we currently exist in a “faster is better” era, and this is forcing many companies just to get their device to market, and hope to make the fixes later.

It is also leading some firms to invest in “data breach insurance” to deal with the almost inevitable data breach threats and subsequent consumer litigation. However, the insurance firms have already recognized that many companies are misrepresenting their abilities to control and secure data. Citing overreaching EULAs and security or privacy practices, insurance companies have started to highlight the need for action on the whole matter of wearables and risks.

The Need Is Now

The discussions around wearables and the risks they pose have many major points. While it is important for consumers to be far more aware of what it means to wear an Internet-connected device, and what is done with the data it gathers, the industry itself has to start making changes. Consumers are willing to hand over data without understanding risks or costs, so it becomes a matter of education, but also act on the part of regulators and manufacturers.

Security engineer, Conan Dooley said that it would be best if “a collective group of regulators, combining government and manufacturers” would start the conversation on this set of problems. With more than 200 million wearables anticipated being in use within the next year, the first major data breach is expected to occur within that same window of time.

Though there are some security resources, not enough exist. Until then, it is up to consumers to know the benefits and costs of wearables and decide if they are comfortable with the exposure to privacy challenges and security risks.