Apple introduced their new line of watches last week, once more bringing wearables to tech headlines. Though we donUt yet know enough about the Apple Watch to assess its security profile or the specific risks the device might pose, itUs safe to say there will be some vulnerabilities. Additionally, given time, a determined, skilled attacker will be able to steal its data, as is true for every mobile device. But wearables also present some unique privacy concerns.
One potentially troubling aspect of wearables is the question of just how much data they might be collecting and transmitting. This is especially true of fitness apps, which might track your heart rate, the number of steps you take in a given day, how many miles you walk (and using geolocation sensors, where you walk them) or how many hours of sleep you get each night (and potentially where youUre doing that, too). Many people using wearables donUt realize all the permissions they are granting to the device maker or to the app, and they donUt know whether the info collected by these devices will ultimately be packaged and sold by data brokers. The rise of wearables and the much-touted Internet of Things is in part what prompted the FTC to ask Congress to enact legislation to allowing people to know what data is being collected about them and who is collecting it.
Even if youUre okay with data brokers getting this info, you might not want, say, your health insurer to know that youUre not exercising much and you have a high resting pulse rate, which they then might combine with other data (what kind of foods you buy at the store or how often you visit the doctor, for example) to decide that you should be charged a higher rate. Geolocation data on a wearable (or any device with GPS capabilities) could also tell auto insurers that you tend to drive above the speed limit, and therefore should be a treated as an insurance risk.
And even if youUre fine with insurers and the like collecting this data, you probably wouldnUt be happy about cybercriminals accessing it. In general, the weakest point in wearable security is when data is in-transit to cloud services. Because these devices are designed to be small and highly portable, the computers running them are also engineered to be as small as possible. This involves making sacrifices, and sometimes security is compromised as a result because the hardware needed to transmit more secure communications wonUt fit in a tiny watch or inside an eyeglass frame.
ItUs too soon to tell how secure the coming generations of wearables will be, but itUs safe to say they pose the kinds of privacy concerns that should make consumers think hard about just how much information they are willing to share.