June 8, 2022 | Updated: June 17, 2022
Wearable devices collect a lot of information. But what happens to the information after it’s collected? It may not stay on the device at all, and that paves the way for a complex network of vulnerabilities of systems that expose data that many users would prefer remain confidential. .
Consider a fitness tracker. The device itself might collect data about where and how hard we worked out, but it’s usually stored on cloud-based services. Those services may integrate with applications that might also collect information about what we eat, how much we weigh,and the general state of our health. In addition, the apps themselves might also hold credit card information for payment purposes.
“By connecting a wearable to an extended ecosystem, one is exposing a larger attack surface,” said Aiyappan Pillai, IEEE Senior Member. “Cybersecurity experts look at this as a supply chain that includes a data generator, an analytics engine and a service provider. Each link in the chain, including the connecting networks, presents a potential risk.”
What’s the risk?
Most criminal intrusions of computer networks have a financial motive. That may lead people to conclude that wearables have a low cybersecurity risk. But wearables data, especially in healthcare settings, is often tied to financial information.
Depending on the organization from which it was obtained, stolen health data can be extremely valuable because it often includes so much personally identifiable information,including birthdays, email addresses and other login information- that can be used for identity theft purposes, said IEEE Senior Member Kevin Curran.
Hospitals, for example, might maintain extensive databases of personally identifiable information for billing purposes. And the rise of wearables, implants and other connected devices adds a new dimension to cybersecurity risk.
“Having such a large and diverse array of devices connected to the network will mean that there will be countless connected endpoints in each hospital. If proper visibility of the network is not achieved, then each endpoint will represent a potential vulnerability to try and exploit for cybercriminals,” Curran said
So what should consumers look for in a device?
Curran said consumers should try to buy wearable devices from reputable manufacturers.
“The key security weakness of wearable devices can be their lack of security updates,” Curran said. “There is no legal requirement for wearable manufacturers to provide a roadmap of security updates for a specified period. However the larger the manufacturers are, the more likely they are to provide patches in the future.”
App designers need to also ensure user-friendliness while incorporating security measures that cater to all categories of users, including older patients that may not have familiarity with newer technology.
Some security features that consumers should look for include “strong multi-factor authentication methods for device access, which may be biometric, such as fingerprint voice recognition, iris recognition, passwords and location-based authentication.”
For makers of wearables, building secure products will be key to success as security challenges grow.
“Security issues will consume even more resources by overhead data and processing,”said IEEE Senior Member Vicente Ferreira de Lucena Jr., “We need more efficient procedures, without losing their reliability.”IEEE members and volunteers provide crucial guidance on ways that companies can build secure apps and devices. In this podcast, learn more about privacy and security challenges in the management of wearables and connected medical devices.