Today’s consumers have a great appetite for the hottest new gadgets. New wearables and smartphones sell quickly, in huge numbers. They also collect huge amounts of data about users, such as where they’ve been and what they’ve been doing. But there are increasing concerns about the security of all of this data. Who has access to it, and how will it be used?
Security issues should always be taken seriously. Your company can incur serious damage by ignoring laws relating to security or failing to deal with issues that come to light. Not only will it damage the reputation of your brand, you may also face costs from returns, chargebacks and falling sales or even legal action and fines.
What is the security risk with a connected wearable device?
The Internet of Things (IoT) is a whole ecosystem of devices, all coming from multiple manufacturers using different technologies and with different attitudes to security. Some are very good at updating their software quickly, to keep it free from security issues. But some manufacturers take a very laid-back attitude to security, compromising not only their own products but also providing points of entry to the network - thereby putting other devices at risk, too!
Currently, few wearables connect directly to a cloud service. Normally they need to connect via a gateway like a smartphone, with an app for a user interface. Every connection point provides a potential entry for hackers.
What do the hackers want?
Consumers might be worried that others may access their medical data, and within the medical sector there are strict rules about privacy. However, few hackers are interested in fitness data or heart rate logs. This is of no use to them. They want to gain the maximum value from the lowest amount of time, money and effort. What they are really looking for is an entry point to the whole network. This gives them access to a lot more information than what’s on a single device. The network contains personal data, passwords, emails, digital media and more, which can be used for various purposes such as identity theft. The motivation is usually financial, but there are also people doing this to get inside information, gain fame within the hacking community or just because they can.
How can your wearable device be hacked?
Hackers use different tactics to try to gain access. They may set up fake gateways or pretend to be a friendly device within the network. They may also use software to set up their own channels to trick users.
Security solutions for wearable products
If your wearable is not using a secure end-to-end connection, or direct connection to a cloud service, it is more vulnerable. With sensitive information from medical wearables, it is essential that these devices periodically generate a new shared key for encrypting data. Security can be significantly increased by using larger keys.
Near Field Communication (NFC) will avoid some of the risks as the communication range is only a few centimeters. Banks and phone manufacturers are increasing the use of NFC for contactless mobile payments, which adds credibility to NFC as a secure technology.
There are other security solutions that can prevent others from using wearable devices when the owner is not present.
Use of biometric security is on the rise. These solutions avoid unauthorized access by using unique personal characteristics, such as:
- Palm prints
- Palm veins
- Hand geometry
- Iris recognition
- Face recognition
- Retina patterns
We also have behavioral characteristics, style of writing and voice. These are less secure, as they can easily be imitated.
Apple and PayPal are two of the companies that currently use fingerprints as a secure way for users to identify themselves when accessing the phone or app.
Biometric security is expected to be a standard feature on smartphones within the next two years.
It is a secure and effortless way of allowing the user to prove their identity. Another benefit is that, unlike passwords, fingerprints can’t be forgotten.
To increase security further, you should combine biometrics with something that only the user knows. For example, a password or a piece of personal information.
Keep your wearable product secure
Nothing is 100% secure. And *you* are responsible for taking the necessary precautions to minimize the risk run by your customers. If you build your own protocol, it is your job to make it secure. You need to show your customers that you take the integrity of their personal data seriously.
If you don't have the necessary knowledge of wireless security, always consult with someone who do. Have someone help you introduce the level of security that your users need. Because the success of your product relies on it, too. Don't set yourself up to fail.