For wearables to provide their functions, personal data is collected through their companion applications. If unauthorised third parties gain access to this data, they can learn a great deal, if not almost everything, about the user (depending on the volume and nature of the data) and could use that knowledge for malicious purposes.
Security holes in the application software or the operating system of these smart mini-computers are possible gateways to a wearable's system and the data stored on it. When paired with your smartphone, the wearable can access smartphone data and functions, such as location, contacts or phone status. The wearable's access permissions to companion device data must therefore always be checked and, if necessary, deactivated. Conversely, access to wearable data via companion device applications should only be authorised if necessary.
An attacker could exploit such a security hole, for example, to gain control of the wearable. If a hacked wearable has extended rights to control another device to which it is connected, such as a smartphone, the attacker can also use these rights to take control of the latter.
Some good practices:
- If the wearable has no option for protection with a password or a PIN code, it must be kept in a secure place when not worn on the body.
- If possible, data encryption should be enabled.
- Regular monitoring of the local network (Wi-Fi), connected devices and their activity also helps detect possible problems and close off access points that are no longer in use.