In 2018, 34-year-old Bobbi Leverette was lying in bed beside her newborn baby when her heart suddenly took on a rapid, life-threatening rhythm. Fortunately, following an earlier diagnosis of a dangerous heart condition, she had been fitted with a wearable defibrillator, which detected her irregular heart pattern and administered a shock treatment that saved her life.

Although wearable devices save lives, users’ personal information can be compromised following a security breach, and attacks on wearables are on the rise. In 2023, Zoll, the company that developed the device that saved Leverette’s life, confirmed that the sensitive data of more than 1 million of its patients had been exposed. An attacker gained access to patients’ names, dates of birth, contact details, and Social Security numbers.

From smartwatches to biosensors, wearable devices are on the rise. MarketsandMarkets predicts that the wearables market will reach $265.4 billion by 2026, driven by leading players in the sector such as Sony, Panasonic, Samsung, LG, Apple, Fitbit, and Microsoft. But how safe are they?

Wearing Your Sensitive Data on Your Sleeve

Wearable devices can collect and store various types of personal data, such as health metrics, location, payment information, and biometric identifiers. This information can provide valuable insights for users and third-party service providers such as fitness coaches, insurance companies, and marketers.

However, cybercriminals are waiting to exploit vulnerabilities. They can access valuable user data through physical theft of the device, wireless interception, cloud breaches, and other cyberattack techniques. For example, in the UK, police warned cyclists and runners that using GPS apps to track their routes could expose them to burglary risk, as criminals could use the data to identify when and where they are away from home.

Health data collected by wearables can reveal sensitive information about a user’s medical conditions, habits, or lifestyle choices. This data can be exploited for blackmail, discrimination, or identity theft. Moreover, payment data stored on wearables could enable unauthorized transactions or fraud if not properly secured. This data can be misused when the wearable is lost or stolen and not protected by a PIN or biometrics. The fact that devices connect to smartphones opens a less obvious avenue for fraud: hijacking the smartphone itself. In fact, Trojans on mobile devices are one of the fastest-growing security threats.

Securing Wearables With Cutting-Edge Technology

Understanding the “wearables data-security paradox” is essential.

On one hand, wearable devices present risks due to the amount of personal data they collect. On the other, the same high-risk data they collect can be used to develop security technologies. Specifically, they can leverage the idiosyncrasies of their wearers to perform biometric verification, which is a method of authenticating a user based on their unique physical or behavioral characteristics.

In a rare combination of convenience and security, fingerprint verification is the easiest to implement here. It’s reliable, fast, and computationally cheap, and there are already a number of standards and readers small enough to incorporate into wearables.

Another example leverages the capability of some wearable devices that can measure the heartbeat of users, which is highly accurate and difficult to spoof. A user’s heartbeat pattern can be utilized as a biometric identifier to verify the user when performing sensitive operations, such as pairing with a new device, synchronizing data, or making payments, as a study by researchers from Binghamton University and Stevens Institute of Technology reveals.

Biometrics also offer several advantages over traditional authentication methods, since they are harder to compromise, more convenient for users, and cannot be spoofed.

To overcome security challenges, developers should code biometric verification to be used in combination with other methods of authentication, such as passwords or PINs. The biometric data must also be encrypted and stored locally on their devices whenever possible and not transmitted or shared with third parties without permission. Furthermore, users should be given the opportunity to revoke or change their biometric identifiers if needed.

Know Your Privacy and Security

To protect personal data from misuse, developers and users must be aware of the types of data their devices collect and store and how that data is shared with third-party services or cloud platforms.

Users should have the ability to enable encryption and multifactor authentication and know the risks of using public or unsecured Wi-Fi networks to sync their data. Finally, privacy policies and terms of service need to be accessible and make it clear to users that they can opt out of any unnecessary data collection or sharing.

When building a new wearable technology for the market, developers must provide users with the highest levels of control over their data access and sharing preferences. Users must be able to customize different data permissions through settings and configuration, including GPS tracking, health metrics, payment information, or biometric identifiers.

Final Thoughts: A World of Devices

Wearable devices are part of the new Internet of Things (IoT) era. Reports estimate that connected devices will almost triple, from 9.7 billion in 2020 to more than 29 billion in 2030. After all, they make lives easier — even save them. To mitigate risks, both developers and users must include security principles and technologies as core foundations for each device. At the same time, users must educate themselves and be given the tools to customize their security settings.

Deploying and activating biometrics technology is essential. It is our most advanced resource to protect our data and to protect lives.

Source: www.darkreading.com