Wearable Product Security: What you need to know

By John Leonard June 7, 2016


Today’s consumers have a great appetite for the hottest new gadgets. New wearables and smartphones sell quickly, in huge numbers. They also collect huge amounts of data about users, such as where they’ve been and what they’ve been doing. But there are increasing concerns about the security of all of this data. Who has access to it, and how will it be used?

Security issues should always be taken seriously. Your company can incur serious damage by ignoring laws relating to security or failing to deal with issues that come to light. Not only will it damage the reputation of your brand, you may also face costs from returns, chargebacks and falling sales or even legal action and fines.

What is the security risk with a connected wearable device?

The Internet of Things (IoT) is a whole ecosystem of devices, all coming from multiple manufacturers using different technologies and with different attitudes to security. Some are very good at updating their software quickly, to keep it free from security issues. But some manufacturers take a very laid-back attitude to security, compromising not only their own products but also providing points of entry to the network - thereby putting other devices at risk, too!

Currently, few wearables connect directly to a cloud service. Normally they need to connect via a gateway like a smartphone, with an app for a user interface. Every connection point provides a potential entry for hackers.

> Read also: Which technology should I choose to connect my wearable device to a phone

What do the hackers want?

Consumers might be worried that others may access their medical data, and within the medical sector there are strict rules about privacy. However, few hackers are interested in fitness data or heart rate logs. This is of no use to them. They want to gain the maximum value from the lowest amount of time, money and effort. What they are really looking for is an entry point to the whole network. This gives them access to a lot more information than what’s on a single device. The network contains personal data, passwords, emails, digital media and more, which can be used for various purposes such as identity theft. The motivation is usually financial, but there are also people doing this to get inside information, gain fame within the hacking community or just because they can. 

How can your wearable device be hacked?

Hackers use different tactics to try to gain access. They may set up fake gateways or pretend to be a friendly device within the network. They may also use software to set up their own channels to trick users.

Security solutions for wearable products

If your wearable is not using a secure end-to-end connection, or direct connection to a cloud service, it is more vulnerable. With sensitive information from medical wearables, it is essential that these devices periodically generate a new shared key for encrypting data. Security can be significantly increased by using larger keys.

Near Field Communication (NFC) will avoid some of the risks as the communication range is only a few centimeters. Banks and phone manufacturers are increasing the use of NFC for contactless mobile payments, which adds credibility to NFC as a secure technology.

There are other security solutions that can prevent others from using wearable devices when the owner is not present.

Use of biometric security is on the rise. These solutions avoid unauthorized access by using unique personal characteristics, such as:

  • Fingerprints
  • Palm prints
  • Palm veins
  • Hand geometry
  • Iris recognition
  • Face recognition
  • Retina patterns

We also have behavioral characteristics, style of writing and voice. These are less secure, as they can easily be imitated.

Apple and PayPal are two of the companies that currently use fingerprints as a secure way for users to identify themselves when accessing the phone or app.

Biometric security is expected to be a standard feature on smartphones within the next two years.
It is a secure and effortless way of allowing the user to prove their identity. Another benefit is that, unlike passwords, fingerprints can’t be forgotten.

To increase security further, you should combine biometrics with something that only the user knows. For example, a password or a piece of personal information.

Keep your wearable product secure

Nothing is 100% secure. And *you* are responsible for taking the necessary precautions to minimize the risk run by your customers. If you build your own protocol, it is your job to make it secure. You need to show your customers that you take the integrity of their personal data seriously.

If you don't have the necessary knowledge of wireless security, always consult with someone who do. Have someone help you introduce the level of security that your users need. Because the success of your product relies on it, too. Don't set yourself up to fail.

> Read also: Home Automation Security: Why secure solutions are essential for IoT?


Dress smart: How to get started with your wearables project Download the free eBook now


Topics: wearables, security

John Leonard's photo

By: John Leonard

John Leonard has a B.Sc (Hons) in Electronics and Computing from the University of Portsmouth in the UK. Leonard currently works as Product Marketing Manager in Product Management with responsibility for product support needs and staff training requirements. He has worked in various roles in the 12 years he has been with Nordic Semiconductor, including Field Applications Engineer and Regional Sales Manager in both US and Europe. Previously he has worked in Systems & Software within the defense industry. Outside of work Leonard enjoys playing guitar, reading and playing football. Feel free to ask John a question in the comments below!



Get Connected Blog

This blog is for you who are new to the connected world of the Internet of Things (IoT) - whether you are a senior executive, in product development, or simply a curious soul.

Our goal is to inform you, keep you updated and help you understand the opportunities and challenges of IoT for your industry.

If you are a developer, you may want to check out our blogs and developer guides in the DevZone

Visit www.nordicsemi.com

New Call-to-action

Latest Posts