This holiday season, consumers and cybercriminals might have the same thing on their wish list this holiday season: wearables.
Forbes reports that the rising popularity of wearable devices like Fitbit and the Apple Watch this year is likely to mean that the security of the devices will suffer as manufacturers struggle to keep up with demand, and that will draw the attention of hackers to the items.
“Generally, [wearables are] going to be the next platform that tens of millions of people are using and the volume will be very high,” Good Technology’s John Herrema told the outlet. “It will be interesting after the Christmas season because it will become an attractive place for hackers to look.”
According to Derek Manky, of FortiGuard, Fortinet’s threat research firm, attacks from the Internet of Things are — for the first time — among the company’s list of Top 10 threats globally.
“I fully expect upwards of a 25 percent increase of vulnerabilities will be disclosed next year and a large attack surface in the next four years,” Manky — who, earlier this year, reported on vulnerabilities found in Fitbit (which that company later disputed) — remarked to Forbes. “We’re expecting to see three times [connected devices] the amount of the human population in that time.”
Tanium co-founder Orion Hindawi tells the outlet that as Bluetooth becomes the primary means of communication built into wearables, it’s also becoming “an access point” for hackers.
“The only benefit Bluetooth gives you is that the shorter distance communications protocol but in reality you can actually connect to Bluetooth device from tens of feet away which doesn’t really give you much assurance,” states Hindawi. “If somebody wants to steal that data, they will be able to. A lot of the Bluetooth devices end up connecting to something that then itself has either Wi-Fi or Internet access through LTE or some cell modem and if it’s compromised at all, it compromises feedback devices as well.”
To that end, consumers of medical wearbles — which are “inherently very, very personal,” comments Herrema — have reason to be particularly concerned, as do those of wearables with the common features of sleep or step tracking.
“If [hackers] look at the patterns from 1 to 2 p.m. every day when your heart rate goes up, they know you’re probably out running or going to a gym and that would be the perfect time to rob you,” says Herrera, who tells Forbes the address book is mobile devices’ most overlooked leakage point for accessing data. “They may see your sleep pattern and know, ‘OK, this person goes to bed at pretty much 11 o’clock every night and wakes up at 6 so this is when we should try to break into their house.’”
While devices operating on Android, according to Manky, are currently the most vulnerable to attack, the likelihood is that the overall demand for wearable devices is increase the risk across manufacturers and brands.
Feeling the pressure to meet the demands of the holiday season, companies that produce wearables, says Hindawi, “are willing to take risks with your data that you probably wouldn’t be willing to take.”
He goes on to remark, “Do [those companies] see this as an existential part of their business and are they willing to take a huge hit on potential revenue and profitability in order to implement it? I am afraid that, in many cases, the answer is ‘no.’ They’re not going to be willing to wait another holiday cycle to launch another product.”