US Military ban of Fitness Tracker Apps Highlights Wearable IoT Security Risks

Concerns that military personnel could be tracked by fitness apps has resulted in the US military banning them highlighting the security risks posed by wearable IoT devices.

Global wearable technology sales surpassed the 100 million units mark this year with smartwatches making up the bulk of the sales (80 million). Demand for wearable smart devices shows no sign of slowing despite recent incidents that have raised concerns over their security.

Earlier in the year, it was discovered that several fitness apps used by smart devices revealed the location and movements of more than 6,000 serving military personnel, some of whom were serving overseas or stationed at sensitive facilities.

According to a memo seen by the Associated Press; “These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission.”

img1

The Risks to Business

Sensitive data is being used and transferred by wearable technology, some of it of a highly sensitive nature for both individuals and businesses. Organisations using wearable technology need to introduce security policies and procedures to reduce the risks.

Wearable technology comes in a variety of forms such as smartwatches, fitness trackers, glasses and head-mounted displays. According to forecasts, there is likely to be 560 million wearable devices in use worldwide by 2021.

As wearable technology firms rush to get their products into the market and win market share, the likelihood of them putting security as their top concern is unlikely. If anything, this market is shaping up to be similar to the smartphone revolution that saw effective security measures being introduced after the initial purchasing rush.

Growing use in the Healthcare Sector

Use of wearable IoT devices has boomed in the healthcare sector with usage rising dramatically in the last decade. The uses vary from aids for surgeons doing complicated surgery to health trackers. The market for wearable devices in the healthcare sector is forecast to rise by $136.8 billion worldwide by 2021, making the sector the single biggest consumer of such products. 

The Risks

Physical Access to Data – Many wearable devices still store sensitive data on their internal memory that is often unencrypted making it easy for a hacker to access the data within.

Espionage – 

The rise of wearable IoT devices has increased the risk of espionage. Using a Smartwatch, for example, to take pictures or record sensitive information without anyone getting wise is no longer in the realm of spy fiction.

Wireless Connections – Many wearable IoT devices can be connected to a smartphone or PC which means that data is constantly being sent and received wirelessly. Security researchers have proven that these types of connection are often insufficient to prevent a determined hacker.

Regulations still playing catch up – With a number of security instances reported in the media regarding IoT devices organisations are beginning to introduce security regulations on how they should be used. However, with the rapid growth of the industry, many products contain security flaws and vulnerabilities.

If an organisation suffers a data breach that breaks regulatory requirements for their industry as a result of a vulnerable IoT device it will still be held fully accountable.

Patching – As many wearable devices use their own applications and operating systems the likelihood of hackers breaking into them is high. As with conventional computers, software needs to be fully patched and kept up to date to avoid the latest vulnerabilities. So far very few wearable creators have a system in place to deliver patches.  You also need to be aware that Anti-Virus/Malware tools aren’t really present for wearables, so if they do get owned, they can’t be cleaned.

Wearable devices work differently to smartphones resulting in many new cybersecurity risks. As the technology becomes more widespread, companies are going to have to rethink their policies and plans when it comes to handling wearable device management.

Have a policy in place

Wearable technology should be included in your organisation's policies so that you can define the acceptable use of such devices. By documenting how many connected devices are in use inside the organisation the security team can then act to secure them all.

For further reading visit –

Racing the Risk

Do you know your third-party risk?

Reduce the IoT Risks with CyberScore™

How can CyberScore™ help?

CyberScore™ automatically detects devices (computers, routers, gateways, mobile devices and other IoT devices on your network. If there are devices connected to your network, CyberScore™ can locate them and, if you don't know what your network looks like or what your IP addresses are, it can automatically detect them for you.

Once it finds the devices on a network, it can carry out detailed inspections of them to check for vulnerabilities.

In-depth patch and technical reports and a Get-Well plan provide a thorough overview and what needs to be done to improve an organisation’s security.

The process is quick and easy allowing your IT and security teams to have a clear overview of all devices on their networks and any potential vulnerabilities they may have.

Follow XQ Cyber on FacebookTwitter , LinkedIn and sign up to our mailing list at https://www.xqcyber.com/signup