How strong is your smartwatch's data security?

Thu, 01/10/2015 - 12:30

In a society where health and wellness are no longer buzzwords but real things people have adopted as part of a balanced lifestyle, we need devices that keep us aware and informed – to be the catalysts that drive us to action. But while the Internet of things (IoT) has allowed smart wearables to become commonplace in today's households and workplaces, big adoption can spell bigger risks for data security.

Popular opinion

Since it's popular opinion pushing the sales of smart wearables to new heights, ISACA (previously known as the Information Systems Audit and Control Association) surveyed 1,001 employed consumers of connected devices in the UK. The results showed that around 60% of respondents proactively tried to manage the privacy and data security settings on their devices but only 36% felt that information gathered on their smartwatches (and 29% on their smart glasses) was private. Only 21% thought their smartwatches were actually secure.

First, the bad news

Inadvertently confirming popular opinion, HP went ahead and conducted a study on ten popular iOS and Android-based smartwatches. They found "...numerous security concerns..." on these devices while performing a battery of security tests (known as HP Fortify). Here are some of the most noteworthy problems found:

  • Insufficient user authentication. Things like limits on the number of failed password attempts and two-factor authentication were found lacking in 3 devices.
  • Network vulnerability. Four in ten devices still used the POODLE-vulnerable SSL v2 encryption ciphers.
  • Insecure interfaces. Since 3 of the devices had cloud access, the mechanism used here would allow hackers to determine which cloud accounts were valid by using the "reset password" procedure.
  • Insecure software/firmware updates. Seven in ten devices were vulnerable because their software and firmware updates were not encrypted, allowing eavesdroppers to download and analyse them.
  • Exposed personal details. The lack of data security mentioned above raises the risk of exposing personal details gathered by the devices, such as names, addresses, dates of birth, and notably health and fitness information.
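
The first and third findings above can be made concrete with a short sketch. This is an added example, not code from HP's study or from any of the tested devices; the `AccountService` class, the attempt limit and the lockout window are assumptions chosen for illustration. It contrasts a "reset password" reply that reveals valid accounts with one that does not, and shows a limit on failed password attempts.

```python
import hashlib
import hmac
import secrets

MAX_FAILED = 5          # assumed limit on consecutive failed attempts
LOCK_SECONDS = 900      # assumed lockout window
GENERIC_RESET = "If that address is registered, a reset link has been sent."


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountService:
    def __init__(self):
        self.users = {}    # email -> {"salt", "hash", "failed", "locked_until"}
        self.outbox = []   # (email, reset_token) pairs queued for delivery

    def add_user(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = {"salt": salt, "hash": _hash(password, salt),
                             "failed": 0, "locked_until": 0.0}

    def reset_leaky(self, email):
        # Enumerable: the reply reveals whether the account exists.
        return "Reset link sent." if email in self.users else "Unknown account."

    def reset_uniform(self, email):
        # Same reply for every address; a token is queued only for real accounts.
        if email in self.users:
            self.outbox.append((email, secrets.token_urlsafe(32)))
        return GENERIC_RESET

    def login(self, email, password, now):
        user = self.users.get(email)
        if user is None:
            return False                      # same result as a wrong password
        if now < user["locked_until"]:
            return False                      # locked: reject even the right password
        if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            user["failed"] = 0
            return True
        user["failed"] += 1
        if user["failed"] >= MAX_FAILED:
            user["locked_until"] = now + LOCK_SECONDS
            user["failed"] = 0
        return False
```

A production service would also keep response times the same for known and unknown accounts, for example by sending the reset mail from a background queue.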

Now the good news

Strides are being made in developing better data security legislation in the EU. The focus is on the rights of the individual and how their personal information is to be protected. The Data Protection Directive (95/46/EC) has been criticised as outmoded, which has sparked the need for legislation that better considers the nature of connected devices in the IoT.

Although currently a work in progress, the new General Data Protection Regulation (GDPR) will elaborate on aspects of the existing Directive and supersede it once adopted, which could be as early as 2016. Among other things, it aims to address the wearable device sector with better descriptions of what constitutes private data, how said data can be collected, and in what form it should be transmitted, if at all.

But in the meantime

There are some things you can do to protect yourself. HP had the following recommendations to help consumers avoid falling victim to bad data security:

"... that users do not enable sensitive access control functions such as car or home access unless strong authorization is offered. In addition, enabling passcode functionality, ensuring strong passwords and instituting two-factor authentication will help prevent unauthorized access to data."

So, while you look good doing that thing you do with your snazzy smartwatch, take care of your devices and their data as much as you take care of yourself.
